System Check - just like t28256


Post by Blues5340 on Wed Jan 25, 2012 11:31 pm

Received multiples of the following errors. Also, windows with "AVG Identity Threat" asking if I want to 'vault' the file or leave it. After 20 minutes with no apparent progress, gave up 'vaulting' the files.

"Hard drive clusters are partly damaged"
"Windows OS can't detects a free hard drive space. hard drive error."
"Files indexation process failed"
RAM memory
"Critical error. Hard drive critical error."
"Windows - Delayed write failed" with some variation of the following: "Failed to save all the components for the file\\system32\\000061b14 etc.. The file is corrupted or unreadable. This error may be caused by a PC hardware problem"

Including Extras.txt and Checkup.txt here since they will fit. Attached OTL.txt. Was not able to run aswMBR because SYSTEM CHECK has a window open in the middle of my monitor which I cannot move. aswMBR opened underneath it.

This is my first post and hopefully have done everything within reason. Certainly GREATLY appreciate all of your help.

Extras.txt
OTL Extras logfile created on: 1/25/2012 4:49:33 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Neil\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.68 Gb Total Physical Memory | 3.60 Gb Available Physical Memory | 63.33% Memory free
11.36 Gb Paging File | 9.54 Gb Available in Paging File | 84.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.09 Gb Total Space | 865.22 Gb Free Space | 94.14% Space Free | Partition Type: NTFS
Drive D: | 12.32 Gb Total Space | 1.51 Gb Free Space | 12.23% Space Free | Partition Type: NTFS

Computer Name: NEIL-HP | User Name: Neil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BCC0AD-0699-48B6-9900-3C53BBCD4DAC}" = AVG 2011
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2393F144-F88F-4FB3-8B57-9D6F8B4E8F9E}" = AVG 2011
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{78DC83C7-7E9D-4518-8DFE-C8BBF69173D9}" = AVG 2011
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A0377472-ED83-4A66-8B2E-0ECAEF190E47}" = AVG 2011
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA109F0F-122E-4D48-9DBF-14DC02EE85E4}" = AVG 2011
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2011
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26
"{26F62F4B-98F3-41F3-80A3-436132A3B120}" = Brother HL-2170W
"{2CE4119A-FF7F-3EE6-42A4-EB53C6057FFE}" = Zinio Reader 4
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{319E272A-B5DB-4939-99D0-1F1F0C55699E}" = HP Support Assistant
"{3B03E732-6150-4D0A-849F-C6F4141EA78C}" = EPSON Perfection V30/V300 Photo Scanner Driver Update
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{531F0013-964C-4BE6-B382-4117DC8BCDF9}" = ArcSoft MediaImpression
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{912CED74-88D3-4C5B-ACB0-13231864975D}" = PressReader
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BDDA1E1E-204E-4368-B0C2-737F16B76307}" = HP MediaSmart/TouchSmart Netflix
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"amg-wordslinger" = Word Slinger
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Kobo" = Kobo
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"NIS" = Norton Internet Security
"PDF Complete" = PDF Complete Special Edition
"Picasa 3" = Picasa 3
"The Ultimate Troubleshooter" = The Ultimate Troubleshooter
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087335" = Build-a-lot 2
"WT087342" = Dora's Carnival Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087373" = Jewel Quest 3
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087513" = Virtual Villagers - The Secret City
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/15/2011 8:45:06 AM | Computer Name = Neil-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 12/17/2011 4:04:32 AM | Computer Name = Neil-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 12/17/2011 4:24:11 AM | Computer Name = Neil-HP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12/19/2011 10:01:19 AM | Computer Name = Neil-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 12/20/2011 9:27:44 AM | Computer Name = Neil-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 12/20/2011 11:01:31 PM | Computer Name = Neil-HP | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 8.0.1.4341 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 5ec Start
Time: 01ccbf898db253a7 Termination Time: 17 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 0f4f0a06-2b80-11e1-8cc5-6c626d9edf14

Error - 12/21/2011 8:16:09 AM | Computer Name = Neil-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 12/23/2011 12:06:03 PM | Computer Name = Neil-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 12/24/2011 8:52:56 AM | Computer Name = Neil-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 12/25/2011 9:05:33 AM | Computer Name = Neil-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 12/30/2011 3:42:47 PM | Computer Name = Neil-HP | Source = DCOM | ID = 10016
Description =

Error - 12/31/2011 1:47:02 PM | Computer Name = Neil-HP | Source = Service Control Manager | ID = 7043
Description = The Windows Update service did not shut down properly after receiving
a preshutdown control.

Error - 12/31/2011 1:50:16 PM | Computer Name = Neil-HP | Source = DCOM | ID = 10016
Description =

Error - 12/31/2011 7:42:43 PM | Computer Name = Neil-HP | Source = DCOM | ID = 10016
Description =

Error - 1/3/2012 9:51:24 AM | Computer Name = Neil-HP | Source = DCOM | ID = 10016
Description =

Error - 1/12/2012 4:19:58 AM | Computer Name = Neil-HP | Source = DCOM | ID = 10016
Description =

Error - 1/13/2012 6:22:24 PM | Computer Name = Neil-HP | Source = DCOM | ID = 10016
Description =

Error - 1/13/2012 7:17:06 PM | Computer Name = Neil-HP | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{532A025E-52B8-4571-A8C2-DC0D619CAFF3}
because another computer on the network has the same name. The server could not
start.

Error - 1/21/2012 11:45:26 AM | Computer Name = Neil-HP | Source = DCOM | ID = 10016
Description =

Error - 1/22/2012 6:31:29 PM | Computer Name = Neil-HP | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{532A025E-52B8-4571-A8C2-DC0D619CAFF3}
because another computer on the network has the same name. The server could not
start.


< End of report >


CHECKUP.txt
Results of screen317's Security Check version 0.99.30
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Java(TM) 6 Update 26
Java version out of date!
Adobe Reader X (10.1.2)
Mozilla Firefox 8.0.1 Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
AVG avgwdsvc.exe
AVG avgtray.exe
Symantec Norton Online Backup NOBuAgent.exe
``````````End of Log````````````




Re: System Check - just like t28256

Post by Belahzur on Fri Jan 27, 2012 8:20 pm

Hello.
Please post the main OTL.txt log.


Please PM me if I fail to respond within 24hrs.



Re: System Check - just like t28256

Post by Blues5340 on Fri Jan 27, 2012 9:23 pm

Sorry, thought I could attach it.
This is the first part... rest in next post. MANY thanks!!


OTL logfile created on: 1/25/2012 4:49:33 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Neil\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.68 Gb Total Physical Memory | 3.60 Gb Available Physical Memory | 63.33% Memory free
11.36 Gb Paging File | 9.54 Gb Available in Paging File | 84.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.09 Gb Total Space | 865.22 Gb Free Space | 94.14% Space Free | Partition Type: NTFS
Drive D: | 12.32 Gb Total Space | 1.51 Gb Free Space | 12.23% Space Free | Partition Type: NTFS

Computer Name: NEIL-HP | User Name: Neil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/25 16:43:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Neil\Desktop\OTL.com
PRC - [2012/01/24 16:02:46 | 000,353,016 | -H-- | M] () -- C:\ProgramData\Rl5upFXK7MUc5u.exe
PRC - [2012/01/23 18:59:25 | 000,445,688 | -H-- | M] () -- C:\ProgramData\nMdQvhGrqSMKfoq.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/17 07:02:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/08/15 08:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/04/18 16:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 16:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2011/01/06 03:57:50 | 000,779,984 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\18.0.0.128\InstStub.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/05/23 00:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/03 23:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 23:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/01/18 13:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/10/14 18:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2009/09/30 23:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 23:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/24 16:02:46 | 000,353,016 | -H-- | M] () -- C:\ProgramData\Rl5upFXK7MUc5u.exe
MOD - [2012/01/23 18:59:25 | 000,445,688 | -H-- | M] () -- C:\ProgramData\nMdQvhGrqSMKfoq.exe
MOD - [2011/12/31 13:19:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll
MOD - [2011/12/30 14:47:36 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/12/17 07:02:00 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/18 02:30:47 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll
MOD - [2011/10/18 02:30:46 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\cf95add46bfba066f035bd78f6e21d86\IAStorUtil.ni.dll
MOD - [2011/10/18 02:26:17 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
MOD - [2011/10/18 02:26:04 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\45a20172acfdcc160ecb6bd358179c31\System.Data.ni.dll
MOD - [2011/10/18 02:25:57 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011/10/18 02:25:48 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/18 02:25:43 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/18 02:25:40 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011/10/18 02:25:32 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011/10/18 02:25:28 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/18 02:25:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/18 02:25:25 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/18 02:25:18 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/02/09 21:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/02/09 21:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/02/09 21:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/02/09 21:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/02/09 21:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/02/09 21:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/02/09 21:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/02/09 21:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2010/01/18 13:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [2009/06/10 16:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/09/01 08:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 16:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/12 21:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/23 00:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe -- (NIS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/03 23:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/10/14 18:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/09/30 23:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 23:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/14 20:28:24 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/04 23:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 15:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 13:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 07:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 06:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 05:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/12/03 04:05:34 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/05/23 19:41:39 | 000,038,248 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1200000.080\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/05/23 19:41:38 | 000,701,800 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1200000.080\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/20 23:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/04 09:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/03 22:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 04:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/12/18 23:33:34 | 000,852,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/02/04 09:27:14 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2010/05/28 04:00:00 | 001,773,104 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\EX64.SYS -- (NAVEX15)
DRV - [2010/05/28 04:00:00 | 000,117,808 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\ENG64.SYS -- (NAVENG)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: avg@igeared:7.008.031.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4dcc0dce&v=7.008.031.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/09/18 21:40:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/07/12 08:13:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/17 07:02:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/21 10:42:19 | 000,000,000 | ---D | M]

[2011/01/17 15:31:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Neil\AppData\Roaming\Mozilla\Extensions
[2011/11/30 19:51:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\cs68gazp.default\extensions
[2011/09/25 07:11:51 | 000,000,000 | -H-D | M] (Garmin Communicator) -- C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\cs68gazp.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/12/17 07:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/17 07:02:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/17 07:01:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/17 07:01:59 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKCU..\Run: [nMdQvhGrqSMKfoq.exe] C:\ProgramData\nMdQvhGrqSMKfoq.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.] File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{532A025E-52B8-4571-A8C2-DC0D619CAFF3}: DhcpNameServer = 10.1.1.11
O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/25 16:43:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Neil\Desktop\OTL.com
[2012/01/23 19:10:57 | 000,000,000 | -H-D | C] -- C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/11 14:52:51 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/11 14:52:50 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/11 14:52:50 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/11 14:52:50 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/11 14:52:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/11 14:52:50 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/11 07:10:01 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/11 07:10:01 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/11 07:10:01 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/11 07:10:01 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/11 07:09:59 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/01/11 07:09:59 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/11 07:09:58 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/11 07:09:57 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/11 07:09:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2011/12/27 13:54:37 | 000,000,000 | -H-D | C] -- C:\Users\Neil\AppData\Local\Google
[2011/12/27 13:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2011/12/27 13:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/01/17 11:06:14 | 000,359,936 | R--- | C] (Microsoft Corporation) -- C:\Program Files\cards.dll
[2011/01/17 10:32:06 | 000,126,976 | R--- | C] (Microsoft Corporation) -- C:\Program Files\mshearts.exe
[2011/01/17 10:31:58 | 000,055,296 | R--- | C] (Microsoft Corporation) -- C:\Program Files\freecell.exe

========== Files - Modified Within 30 Days ==========

[2012/01/25 16:43:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Neil\Desktop\OTL.com
[2012/01/25 16:22:35 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 16:22:35 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 16:14:47 | 000,000,310 | -H-- | M] () -- C:\Windows\Brownie.ini
[2012/01/25 16:14:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/25 16:14:15 | 278,196,223 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/24 16:03:15 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~Rl5upFXK7MUc5u
[2012/01/24 16:03:15 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~Rl5upFXK7MUc5ur
[2012/01/24 16:03:14 | 000,000,679 | -H-- | M] () -- C:\Users\Neil\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/24 16:03:14 | 000,000,655 | -H-- | M] () -- C:\Users\Neil\Desktop\System Check.lnk
[2012/01/24 16:02:53 | 000,000,336 | -H-- | M] () -- C:\ProgramData\Rl5upFXK7MUc5u
[2012/01/24 16:02:46 | 000,353,016 | -H-- | M] () -- C:\ProgramData\Rl5upFXK7MUc5u.exe
[2012/01/24 14:56:02 | 000,000,344 | -H-- | M] () -- C:\ProgramData\UUbf31FPrywISj
[2012/01/24 14:55:45 | 000,000,336 | -H-- | M] () -- C:\ProgramData\uVAwl8dJzFzXCs
[2012/01/24 14:55:26 | 000,000,336 | -H-- | M] () -- C:\ProgramData\xHL47S1x2nY8H9
[2012/01/24 14:55:05 | 000,000,352 | -H-- | M] () -- C:\ProgramData\TRJAs23erdib7R
[2012/01/24 14:54:48 | 000,000,336 | -H-- | M] () -- C:\ProgramData\hyUox8QGmNSSFC
[2012/01/24 14:54:32 | 000,000,344 | -H-- | M] () -- C:\ProgramData\HKawUnc5AI26Hu
[2012/01/24 14:54:15 | 000,000,336 | -H-- | M] () -- C:\ProgramData\EVmbQXL2uC0hQf
[2012/01/24 14:53:59 | 000,000,328 | -H-- | M] () -- C:\ProgramData\UBCeSH83k3uSCj
[2012/01/24 14:53:42 | 000,000,344 | -H-- | M] () -- C:\ProgramData\Chjsw4OqbIsm85
[2012/01/24 14:53:19 | 000,000,344 | -H-- | M] () -- C:\ProgramData\jEBJ3Il1AID3o2
[2012/01/24 14:52:51 | 000,000,336 | -H-- | M] () -- C:\ProgramData\t8ctDO6ELwRE6a
[2012/01/24 14:52:32 | 000,000,344 | -H-- | M] () -- C:\ProgramData\IRA8rdEXkFpctt
[2012/01/24 14:52:12 | 000,000,336 | -H-- | M] () -- C:\ProgramData\QJgSaKnOXKhxND
[2012/01/24 14:51:52 | 000,000,336 | -H-- | M] () -- C:\ProgramData\2HXHIrF0m5fqGz
[2012/01/24 14:51:30 | 000,000,336 | -H-- | M] () -- C:\ProgramData\Meix5Mbswk1PEw
[2012/01/24 14:51:09 | 000,000,336 | -H-- | M] () -- C:\ProgramData\b9qQDfAQko3pKq
[2012/01/24 14:50:50 | 000,000,336 | -H-- | M] () -- C:\ProgramData\TbprYGWJcWcdVl
[2012/01/24 14:50:30 | 000,000,336 | -H-- | M] () -- C:\ProgramData\RLZlE6RvgE4AZ2
[2012/01/24 14:50:13 | 000,000,336 | -H-- | M] () -- C:\ProgramData\aL3RUa1xLyjQah
[2012/01/24 14:49:53 | 000,000,344 | -H-- | M] () -- C:\ProgramData\ZFCH1oTACD03us
[2012/01/24 14:48:35 | 000,000,336 | -H-- | M] () -- C:\ProgramData\Wl3U1TrsAXviLf
[2012/01/24 14:48:13 | 000,000,336 | -H-- | M] () -- C:\ProgramData\vgHuCE3PhtH1mg
[2012/01/24 14:47:51 | 000,000,328 | -H-- | M] () -- C:\ProgramData\dSoesqsbOSJeLJ
[2012/01/24 14:47:31 | 000,000,336 | -H-- | M] () -- C:\ProgramData\XO9tlPH9iMkqzt
[2012/01/24 14:47:11 | 000,000,336 | -H-- | M] () -- C:\ProgramData\ao74IMqniYp9CW
[2012/01/24 14:46:52 | 000,000,344 | -H-- | M] () -- C:\ProgramData\YjH5uc6OR9Vsa1
[2012/01/24 14:46:34 | 000,000,336 | -H-- | M] () -- C:\ProgramData\i7nEOPvRAnRWnt
[2012/01/24 14:46:12 | 000,000,336 | -H-- | M] () -- C:\ProgramData\ds658h5rowL2Rw
[2012/01/24 14:45:54 | 000,000,336 | -H-- | M] () -- C:\ProgramData\WJf2OPmlcFb0CA
[2012/01/24 14:45:33 | 000,000,336 | -H-- | M] () -- C:\ProgramData\d8hes7T8z5U98v
[2012/01/24 14:45:15 | 000,000,344 | -H-- | M] () -- C:\ProgramData\f906iXlvxmsAHI
[2012/01/24 14:44:55 | 000,000,344 | -H-- | M] () -- C:\ProgramData\CyBsnJ4UfILC1X
[2012/01/24 14:44:30 | 000,000,336 | -H-- | M] () -- C:\ProgramData\zmVnsXz4xtdy5p
[2012/01/24 14:44:08 | 000,000,344 | -H-- | M] () -- C:\ProgramData\oW9SYmIY5DmiAl
[2012/01/24 14:43:45 | 000,000,344 | -H-- | M] () -- C:\ProgramData\lSzdVYpVcllGcg
[2012/01/24 14:43:25 | 000,000,336 | -H-- | M] () -- C:\ProgramData\Akt8yz4HzSGjlZ
[2012/01/24 14:43:07 | 000,000,336 | -H-- | M] () -- C:\ProgramData\zrBWs4KQ44LrAl
[2012/01/24 14:42:46 | 000,000,328 | -H-- | M] () -- C:\ProgramData\dtcIUffI7VJJ55
[2012/01/24 14:42:25 | 000,000,336 | -H-- | M] () -- C:\ProgramData\2rb0xDw7llGb5P
[2012/01/24 14:42:04 | 000,000,336 | -H-- | M] () -- C:\ProgramData\2NmnkjakPFna0U
[2012/01/24 14:41:43 | 000,000,336 | -H-- | M] () -- C:\ProgramData\dkDjVsIFcrcKaL
[2012/01/24 14:41:16 | 000,000,344 | -H-- | M] () -- C:\ProgramData\C4lhEWXRbJCJ68
[2012/01/24 14:40:55 | 000,000,336 | -H-- | M] () -- C:\ProgramData\tJaUQLlfGSTedg
[2012/01/24 14:40:33 | 000,000,336 | -H-- | M] () -- C:\ProgramData\ysTgHMgEEtDGPJ
[2012/01/24 14:40:12 | 000,000,336 | -H-- | M] () -- C:\ProgramData\Dcfz1fq9ZhFCZ3
[2012/01/24 14:39:53 | 000,000,328 | -H-- | M] () -- C:\ProgramData\82wDjsfyswswZq
[2012/01/24 14:39:32 | 000,000,328 | -H-- | M] () -- C:\ProgramData\wSenr5f5FncgrK
[2012/01/24 14:39:13 | 000,000,344 | -H-- | M] () -- C:\ProgramData\4EpPQ1Dqij9FLC
[2012/01/24 14:38:54 | 000,000,336 | -H-- | M] () -- C:\ProgramData\T2mpRva1J3ydU1
[2012/01/24 14:38:34 | 000,000,336 | -H-- | M] () -- C:\ProgramData\1A6gACTPHfytGx
[2012/01/24 14:38:13 | 000,000,336 | -H-- | M] () -- C:\ProgramData\5U3oQkkA99T8Cv
[2012/01/24 14:37:54 | 000,000,328 | -H-- | M] () -- C:\ProgramData\FoQ8IMyZn0oQQJ
[2012/01/24 14:37:30 | 000,000,336 | -H-- | M] () -- C:\ProgramData\b9Wo1TZP2laDb8
[2012/01/24 14:37:11 | 000,000,344 | -H-- | M] () -- C:\ProgramData\w4EcQnULf7JeDf
[2012/01/24 14:36:52 | 000,000,336 | -H-- | M] () -- C:\ProgramData\WMpIXHpcMH3Jo4
[2012/01/24 14:36:31 | 000,000,336 | -H-- | M] () -- C:\ProgramData\Th0LbT3RSTNuPo
[2012/01/24 14:36:12 | 000,000,336 | -H-- | M] () -- C:\ProgramData\IFoNo44MhEV40C
[2012/01/24 14:35:53 | 000,000,328 | -H-- | M] () -- C:\ProgramData\M3GgxpPfKiHyds
[2012/01/24 14:35:33 | 000,000,344 | -H-- | M] () -- C:\ProgramData\JoRNfhef5SJZbA
[2012/01/24 14:35:12 | 000,000,336 | -H-- | M] () -- C:\ProgramData\hiMkwugb75KVLw
[2012/01/24 14:34:53 | 000,000,344 | -H-- | M] () -- C:\ProgramData\Rm9vKzlzc4drq1
[2012/01/24 14:34:34 | 000,000,328 | -H-- | M] () -- C:\ProgramData\9tGaSn2Gp0p2wI
[2012/01/24 14:34:13 | 000,000,344 | -H-- | M] () -- C:\ProgramData\pm2Of1Yu2MX5L3
[2012/01/24 14:33:53 | 000,000,336 | -H-- | M] () -- C:\ProgramData\hRw3rpztWEEFmy
[2012/01/24 14:33:34 | 000,000,336 | -H-- | M] () -- C:\ProgramData\DjE6rn9gQ9jRxA
[2012/01/24 14:33:14 | 000,000,336 | -H-- | M] () -- C:\ProgramData\mDrA70h7RX7dOb
[2012/01/24 14:32:54 | 000,000,328 | -H-- | M] () -- C:\ProgramData\pGfhLHUgd7IVHD
[2012/01/24 14:32:34 | 000,000,344 | -H-- | M] () -- C:\ProgramData\tmsMu9MVOuGPpo
[2012/01/24 14:32:15 | 000,000,336 | -H-- | M] () -- C:\ProgramData\YetgdXnrhHCgEx
[2012/01/24 14:31:56 | 000,000,336 | -H-- | M] () -- C:\ProgramData\ckvE6rqAmqZu7E
[2012/01/24 14:31:35 | 000,000,336 | -H-- | M] () -- C:\ProgramData\SZfr4ecLzYfzUp
[2012/01/24 14:31:16 | 000,000,336 | -H-- | M] () -- C:\ProgramData\WUuQUH8p7WDi0U
[2012/01/24 14:30:52 | 000,000,336 | -H-- | M] () -- C:\ProgramData\NiYRSfZhfybfmB
[2012/01/24 14:30:31 | 000,000,336 | -H-- | M] () -- C:\ProgramData\dooZRulERZ34By
[2012/01/24 14:30:11 | 000,000,336 | -H-- | M] () -- C:\ProgramData\Y9FwEBQB0Be7SF
[2012/01/24 14:29:43 | 000,000,344 | -H-- | M] () -- C:\ProgramData\emR5wx7S29RdnR
[2012/01/24 14:29:20 | 000,000,336 | -H-- | M] () -- C:\ProgramData\iTRSLDZypclAL6
[2012/01/24 14:29:00 | 000,000,344 | -H-- | M] () -- C:\ProgramData\FHZzy9SzEVJ1qY
[2012/01/24 14:28:37 | 000,000,336 | -H-- | M] () -- C:\ProgramData\DC77Q4BoUMbaVi
[2012/01/24 14:28:18 | 000,000,344 | -H-- | M] () -- C:\ProgramData\1fK8LeUVCUMhkY
[2012/01/24 14:27:56 | 000,000,336 | -H-- | M] () -- C:\ProgramData\agSuDsi2n8Yuw4
[2012/01/24 14:27:36 | 000,000,336 | -H-- | M] () -- C:\ProgramData\Q6iME2tyl2k1YH
[2012/01/24 14:27:17 | 000,000,344 | -H-- | M] () -- C:\ProgramData\jT21dP9WqMOtv9
[2012/01/24 14:26:56 | 000,000,344 | -H-- | M] () -- C:\ProgramData\ujtmMafY5oPNgw
[2012/01/24 14:26:36 | 000,000,336 | -H-- | M] () -- C:\ProgramData\Tv9uL3cGrv7crk
[2012/01/24 14:26:17 | 000,000,336 | -H-- | M] () -- C:\ProgramData\XCxaxn9LpoRVWn
[2012/01/24 14:25:58 | 000,000,336 | -H-- | M] () -- C:\ProgramData\oXgMWvIKR5RI6B
[2012/01/24 14:25:39 | 000,000,336 | -H-- | M] () -- C:\ProgramData\AoZO2dc3W9tFQj
[2012/01/24 14:25:18 | 000,000,344 | -H-- | M] () -- C:\ProgramData\rQn4i1keP2KvZx
[2012/01/24 14:24:58 | 000,000,344 | -H-- | M] () -- C:\ProgramData\tMPdUr153sbpsb
[2012/01/24 14:24:37 | 000,000,344 | -H-- | M] () -- C:\ProgramData\G7kzjCfUPexKho
[2012/01/24 14:24:18 | 000,000,336 | -H-- | M] () -- C:\ProgramData\adVchFuDNigd5M
[2012/01/24 14:23:57 | 000,000,344 | -H-- | M] () -- C:\ProgramData\cpEgxWWBQTnPyF
[2012/01/24 14:23:35 | 000,000,336 | -H-- | M] () -- C:\ProgramData\ZUjxffZqq6t9QI
[2012/01/24 14:23:14 | 000,000,344 | -H-- | M] () -- C:\ProgramData\FsAYvABX8OigAn
[2012/01/24 14:22:54 | 000,000,336 | -H-- | M] () -- C:\ProgramData\m4N5STkBWkfM79
[2012/01/24 14:22:34 | 000,000,336 | -H-- | M] () -- C:\ProgramData\XdoTsuhCLAmlIF
[2012/01/24 14:22:14 | 000,000,336 | -H-- | M] () -- C:\ProgramData\VZTDkZCBX17EBi
[2012/01/24 14:21:52 | 000,000,336 | -H-- | M] () -- C:\ProgramData\jBXBGXWAtELWXD
[2012/01/24 14:21:32 | 000,000,336 | -H-- | M] () -- C:\ProgramData\zV8gmttZ0NaxjA
[2012/01/24 14:21:12 | 000,000,336 | -H-- | M] () -- C:\ProgramData\iRNWvtytAsGKkJ
[2012/01/24 14:20:51 | 000,000,336 | -H-- | M] () -- C:\ProgramData\3eF4gWZw1oM7ws
[2012/01/24 14:20:25 | 000,000,336 | -H-- | M] () -- C:\ProgramData\uXlTMZNxIkx7hj
[2012/01/24 14:20:03 | 000,000,344 | -H-- | M] () -- C:\ProgramData\CdjT9ijYLKNrpl
[2012/01/24 14:19:42 | 000,000,344 | -H-- | M] () -- C:\ProgramData\aHjWBJN8wrwT3m
[2012/01/24 14:19:22 | 000,000,336 | -H-- | M] () -- C:\ProgramData\scdz4WgclJiDoC
[2012/01/24 14:19:01 | 000,000,336 | -H-- | M] () -- C:\ProgramData\c6zjaUdt5pcr55
[2012/01/24 14:18:35 | 000,000,336 | -H-- | M] () -- C:\ProgramData\8P4MLnR1c8sKcK
[2012/01/24 14:18:04 | 000,000,336 | -H-- | M] () -- C:\ProgramData\gz2c0Q9M1izwsY
[2012/01/24 14:17:44 | 000,000,328 | -H-- | M] () -- C:\ProgramData\3oXVfhks7WfFFK
[2012/01/24 14:17:23 | 000,000,336 | -H-- | M] () -- C:\ProgramData\xqXMTqEhkEsdS5
[2012/01/24 14:17:02 | 000,000,336 | -H-- | M] () -- C:\ProgramData\9l7VHSZuIRr7qy
[2012/01/24 14:16:40 | 000,000,336 | -H-- | M] () -- C:\ProgramData\YcoQnfYdUKNeE2
[2012/01/24 14:16:21 | 000,000,336 | -H-- | M] () -- C:\ProgramData\ZUZKrhiIhkvYAf
[2012/01/24 14:15:58 | 000,000,344 | -H-- | M] () -- C:\ProgramData\f1xhW5gIkFPhhu
[2012/01/24 14:15:36 | 000,000,328 | -H-- | M] () -- C:\ProgramData\HTsnBKV101P0r0
[2012/01/24 14:15:17 | 000,000,336 | -H-- | M] () -- C:\ProgramData\lW9NpOL4Fm8Wzw
[2012/01/24 14:14:53 | 000,000,336 | -H-- | M] () -- C:\ProgramData\al8gC2Jf1pXhMT
[2012/01/24 14:14:31 | 000,000,336 | -H-- | M] () -- C:\ProgramData\N7UOAOt8Szywvd
[2012/01/24 14:14:07 | 000,000,336 | -H-- | M] () -- C:\ProgramData\cxHn0LPChAHFED
[2012/01/24 14:13:44 | 000,000,328 | -H-- | M] () -- C:\ProgramData\XMQL37HzcaCWPH
[2012/01/24 14:13:20 | 000,000,336 | -H-- | M] () -- C:\ProgramData\I2BZTwjXVB1XXE
[2012/01/24 14:12:56 | 000,000,336 | -H-- | M] () -- C:\ProgramData\Ew85HQIjs6pPXk
[2012/01/24 14:12:36 | 000,000,336 | -H-- | M] () -- C:\ProgramData\hzAPg1q1lHDmD2
[2012/01/24 14:11:55 | 000,000,336 | -H-- | M] () -- C:\ProgramData\pSlU8MHs55ayf3
[2012/01/24 14:11:35 | 000,000,336 | -H-- | M] () -- C:\ProgramData\ayXmRRJRcuY568
[2012/01/24 14:11:15 | 000,000,336 | -H-- | M] () -- C:\ProgramData\VPGgBCnFI64x1n
[2012/01/24 14:10:55 | 000,000,336 | -H-- | M] () -- C:\ProgramData\wBAEUEVJqeeH8G
[2012/01/24 14:10:30 | 000,000,344 | -H-- | M] () -- C:\ProgramData\5f3HpNxpMzdC0l
[2012/01/24 14:10:05 | 000,000,344 | -H-- | M] () -- C:\ProgramData\O2sTgCzh4Ahp3c
[2012/01/24 14:09:42 | 000,000,336 | -H-- | M] () -- C:\ProgramData\k95DThl6H987VS
[2012/01/24 14:09:22 | 000,000,336 | -H-- | M] () -- C:\ProgramData\VH38xwuVfgjYFN
[2012/01/24 14:08:53 | 000,000,336 | -H-- | M] () -- C:\ProgramData\sLEmNgX2cczX9w
[2012/01/24 14:08:33 | 000,000,344 | -H-- | M] () -- C:\ProgramData\DE9FSWYA97u05o
[2012/01/24 14:07:58 | 000,000,336 | -H-- | M] () -- C:\ProgramData\L7vErn7dNvmfRN
[2012/01/24 14:07:38 | 000,000,336 | -H-- | M] () -- C:\ProgramData\b4XCAoS8hQAyDd
[2012/01/24 14:07:14 | 000,000,336 | -H-- | M] () -- C:\ProgramData\u71mz2XmJChXUi
[2012/01/24 14:06:50 | 000,000,344 | -H-- | M] () -- C:\ProgramData\WCseGDGeYJrSR2
[2012/01/24 14:06:28 | 000,000,336 | -H-- | M] () -- C:\ProgramData\N8zum29onq5eUi
[2012/01/24 14:05:29 | 000,000,344 | -H-- | M] () -- C:\ProgramData\RBrr9x0pzE2bwc
[2012/01/24 14:05:06 | 000,000,336 | -H-- | M] () -- C:\ProgramData\WXfaAwBNgFItsS
[2012/01/24 14:04:43 | 000,000,344 | -H-- | M] () -- C:\ProgramData\v6tZnCUzPjcX4e
[2012/01/24 14:04:02 | 000,000,344 | -H-- | M] () -- C:\ProgramData\Nw4NAyNh1rJKRx
[2012/01/24 14:03:01 | 000,000,344 | -H-- | M] () -- C:\ProgramData\WDql8jkvfNRiN0
[2012/01/24 13:47:51 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/01/24 13:47:51 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/01/23 19:51:41 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~kACM3twrJ1HMg0
[2012/01/23 19:15:44 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~kACM3twrJ1HMg0r
[2012/01/23 19:12:40 | 000,000,456 | -H-- | M] () -- C:\ProgramData\kACM3twrJ1HMg0
[2012/01/23 18:59:25 | 000,445,688 | -H-- | M] () -- C:\ProgramData\nMdQvhGrqSMKfoq.exe
[2012/01/23 15:27:50 | 000,000,426 | -H-- | M] () -- C:\Windows\BRWMARK.INI
[2012/01/23 09:59:28 | 087,259,922 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/12/31 13:17:29 | 000,739,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/31 13:17:29 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\p



Re: System Check - just like t25286 OTL Post2

Post by Blues5340 on Fri Jan 27, 2012 9:52 pm

This is Post 2 of OTL.txt



[2011/12/31 13:17:29 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/31 13:17:29 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/30 14:47:36 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/01/24 16:03:15 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~Rl5upFXK7MUc5u
[2012/01/24 16:03:15 | 000,000,184 | -H-- | C] () -- C:\ProgramData\~Rl5upFXK7MUc5ur
[2012/01/24 16:03:14 | 000,000,679 | -H-- | C] () -- C:\Users\Neil\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/24 16:03:14 | 000,000,655 | -H-- | C] () -- C:\Users\Neil\Desktop\System Check.lnk
[2012/01/24 16:02:53 | 000,000,336 | -H-- | C] () -- C:\ProgramData\Rl5upFXK7MUc5u
[2012/01/24 16:02:46 | 000,353,016 | -H-- | C] () -- C:\ProgramData\Rl5upFXK7MUc5u.exe
[2012/01/24 14:56:02 | 000,000,344 | -H-- | C] () -- C:\ProgramData\UUbf31FPrywISj
[2012/01/24 14:55:45 | 000,000,336 | -H-- | C] () -- C:\ProgramData\uVAwl8dJzFzXCs
[2012/01/24 14:55:26 | 000,000,336 | -H-- | C] () -- C:\ProgramData\xHL47S1x2nY8H9
[2012/01/24 14:55:05 | 000,000,352 | -H-- | C] () -- C:\ProgramData\TRJAs23erdib7R
[2012/01/24 14:54:48 | 000,000,336 | -H-- | C] () -- C:\ProgramData\hyUox8QGmNSSFC
[2012/01/24 14:54:32 | 000,000,344 | -H-- | C] () -- C:\ProgramData\HKawUnc5AI26Hu
[2012/01/24 14:54:15 | 000,000,336 | -H-- | C] () -- C:\ProgramData\EVmbQXL2uC0hQf
[2012/01/24 14:53:59 | 000,000,328 | -H-- | C] () -- C:\ProgramData\UBCeSH83k3uSCj
[2012/01/24 14:53:42 | 000,000,344 | -H-- | C] () -- C:\ProgramData\Chjsw4OqbIsm85
[2012/01/24 14:53:19 | 000,000,344 | -H-- | C] () -- C:\ProgramData\jEBJ3Il1AID3o2
[2012/01/24 14:52:51 | 000,000,336 | -H-- | C] () -- C:\ProgramData\t8ctDO6ELwRE6a
[2012/01/24 14:52:32 | 000,000,344 | -H-- | C] () -- C:\ProgramData\IRA8rdEXkFpctt
[2012/01/24 14:52:12 | 000,000,336 | -H-- | C] () -- C:\ProgramData\QJgSaKnOXKhxND
[2012/01/24 14:51:52 | 000,000,336 | -H-- | C] () -- C:\ProgramData\2HXHIrF0m5fqGz
[2012/01/24 14:51:29 | 000,000,336 | -H-- | C] () -- C:\ProgramData\Meix5Mbswk1PEw
[2012/01/24 14:51:09 | 000,000,336 | -H-- | C] () -- C:\ProgramData\b9qQDfAQko3pKq
[2012/01/24 14:50:50 | 000,000,336 | -H-- | C] () -- C:\ProgramData\TbprYGWJcWcdVl
[2012/01/24 14:50:30 | 000,000,336 | -H-- | C] () -- C:\ProgramData\RLZlE6RvgE4AZ2
[2012/01/24 14:50:13 | 000,000,336 | -H-- | C] () -- C:\ProgramData\aL3RUa1xLyjQah
[2012/01/24 14:49:53 | 000,000,344 | -H-- | C] () -- C:\ProgramData\ZFCH1oTACD03us
[2012/01/24 14:48:35 | 000,000,336 | -H-- | C] () -- C:\ProgramData\Wl3U1TrsAXviLf
[2012/01/24 14:48:13 | 000,000,336 | -H-- | C] () -- C:\ProgramData\vgHuCE3PhtH1mg
[2012/01/24 14:47:51 | 000,000,328 | -H-- | C] () -- C:\ProgramData\dSoesqsbOSJeLJ
[2012/01/24 14:47:31 | 000,000,336 | -H-- | C] () -- C:\ProgramData\XO9tlPH9iMkqzt
[2012/01/24 14:47:11 | 000,000,336 | -H-- | C] () -- C:\ProgramData\ao74IMqniYp9CW
[2012/01/24 14:46:52 | 000,000,344 | -H-- | C] () -- C:\ProgramData\YjH5uc6OR9Vsa1
[2012/01/24 14:46:34 | 000,000,336 | -H-- | C] () -- C:\ProgramData\i7nEOPvRAnRWnt
[2012/01/24 14:46:12 | 000,000,336 | -H-- | C] () -- C:\ProgramData\ds658h5rowL2Rw
[2012/01/24 14:45:54 | 000,000,336 | -H-- | C] () -- C:\ProgramData\WJf2OPmlcFb0CA
[2012/01/24 14:45:33 | 000,000,336 | -H-- | C] () -- C:\ProgramData\d8hes7T8z5U98v
[2012/01/24 14:45:15 | 000,000,344 | -H-- | C] () -- C:\ProgramData\f906iXlvxmsAHI
[2012/01/24 14:44:55 | 000,000,344 | -H-- | C] () -- C:\ProgramData\CyBsnJ4UfILC1X
[2012/01/24 14:44:30 | 000,000,336 | -H-- | C] () -- C:\ProgramData\zmVnsXz4xtdy5p
[2012/01/24 14:44:08 | 000,000,344 | -H-- | C] () -- C:\ProgramData\oW9SYmIY5DmiAl
[2012/01/24 14:43:45 | 000,000,344 | -H-- | C] () -- C:\ProgramData\lSzdVYpVcllGcg
[2012/01/24 14:43:25 | 000,000,336 | -H-- | C] () -- C:\ProgramData\Akt8yz4HzSGjlZ
[2012/01/24 14:43:07 | 000,000,336 | -H-- | C] () -- C:\ProgramData\zrBWs4KQ44LrAl
[2012/01/24 14:42:46 | 000,000,328 | -H-- | C] () -- C:\ProgramData\dtcIUffI7VJJ55
[2012/01/24 14:42:25 | 000,000,336 | -H-- | C] () -- C:\ProgramData\2rb0xDw7llGb5P
[2012/01/24 14:42:04 | 000,000,336 | -H-- | C] () -- C:\ProgramData\2NmnkjakPFna0U
[2012/01/24 14:41:43 | 000,000,336 | -H-- | C] () -- C:\ProgramData\dkDjVsIFcrcKaL
[2012/01/24 14:41:16 | 000,000,344 | -H-- | C] () -- C:\ProgramData\C4lhEWXRbJCJ68
[2012/01/24 14:40:55 | 000,000,336 | -H-- | C] () -- C:\ProgramData\tJaUQLlfGSTedg
[2012/01/24 14:40:33 | 000,000,336 | -H-- | C] () -- C:\ProgramData\ysTgHMgEEtDGPJ
[2012/01/24 14:40:12 | 000,000,336 | -H-- | C] () -- C:\ProgramData\Dcfz1fq9ZhFCZ3
[2012/01/24 14:39:53 | 000,000,328 | -H-- | C] () -- C:\ProgramData\82wDjsfyswswZq
[2012/01/24 14:39:32 | 000,000,328 | -H-- | C] () -- C:\ProgramData\wSenr5f5FncgrK
[2012/01/24 14:39:13 | 000,000,344 | -H-- | C] () -- C:\ProgramData\4EpPQ1Dqij9FLC
[2012/01/24 14:38:53 | 000,000,336 | -H-- | C] () -- C:\ProgramData\T2mpRva1J3ydU1
[2012/01/24 14:38:34 | 000,000,336 | -H-- | C] () -- C:\ProgramData\1A6gACTPHfytGx
[2012/01/24 14:38:13 | 000,000,336 | -H-- | C] () -- C:\ProgramData\5U3oQkkA99T8Cv
[2012/01/24 14:37:54 | 000,000,328 | -H-- | C] () -- C:\ProgramData\FoQ8IMyZn0oQQJ
[2012/01/24 14:37:30 | 000,000,336 | -H-- | C] () -- C:\ProgramData\b9Wo1TZP2laDb8
[2012/01/24 14:37:11 | 000,000,344 | -H-- | C] () -- C:\ProgramData\w4EcQnULf7JeDf
[2012/01/24 14:36:52 | 000,000,336 | -H-- | C] () -- C:\ProgramData\WMpIXHpcMH3Jo4
[2012/01/24 14:36:31 | 000,000,336 | -H-- | C] () -- C:\ProgramData\Th0LbT3RSTNuPo
[2012/01/24 14:36:12 | 000,000,336 | -H-- | C] () -- C:\ProgramData\IFoNo44MhEV40C
[2012/01/24 14:35:53 | 000,000,328 | -H-- | C] () -- C:\ProgramData\M3GgxpPfKiHyds
[2012/01/24 14:35:33 | 000,000,344 | -H-- | C] () -- C:\ProgramData\JoRNfhef5SJZbA
[2012/01/24 14:35:12 | 000,000,336 | -H-- | C] () -- C:\ProgramData\hiMkwugb75KVLw
[2012/01/24 14:34:53 | 000,000,344 | -H-- | C] () -- C:\ProgramData\Rm9vKzlzc4drq1
[2012/01/24 14:34:34 | 000,000,328 | -H-- | C] () -- C:\ProgramData\9tGaSn2Gp0p2wI
[2012/01/24 14:34:13 | 000,000,344 | -H-- | C] () -- C:\ProgramData\pm2Of1Yu2MX5L3
[2012/01/24 14:33:53 | 000,000,336 | -H-- | C] () -- C:\ProgramData\hRw3rpztWEEFmy
[2012/01/24 14:33:34 | 000,000,336 | -H-- | C] () -- C:\ProgramData\DjE6rn9gQ9jRxA
[2012/01/24 14:33:14 | 000,000,336 | -H-- | C] () -- C:\ProgramData\mDrA70h7RX7dOb
[2012/01/24 14:32:54 | 000,000,328 | -H-- | C] () -- C:\ProgramData\pGfhLHUgd7IVHD
[2012/01/24 14:32:34 | 000,000,344 | -H-- | C] () -- C:\ProgramData\tmsMu9MVOuGPpo
[2012/01/24 14:32:15 | 000,000,336 | -H-- | C] () -- C:\ProgramData\YetgdXnrhHCgEx
[2012/01/24 14:31:56 | 000,000,336 | -H-- | C] () -- C:\ProgramData\ckvE6rqAmqZu7E
[2012/01/24 14:31:35 | 000,000,336 | -H-- | C] () -- C:\ProgramData\SZfr4ecLzYfzUp
[2012/01/24 14:31:16 | 000,000,336 | -H-- | C] () -- C:\ProgramData\WUuQUH8p7WDi0U
[2012/01/24 14:30:52 | 000,000,336 | -H-- | C] () -- C:\ProgramData\NiYRSfZhfybfmB
[2012/01/24 14:30:31 | 000,000,336 | -H-- | C] () -- C:\ProgramData\dooZRulERZ34By
[2012/01/24 14:30:11 | 000,000,336 | -H-- | C] () -- C:\ProgramData\Y9FwEBQB0Be7SF
[2012/01/24 14:29:43 | 000,000,344 | -H-- | C] () -- C:\ProgramData\emR5wx7S29RdnR
[2012/01/24 14:29:20 | 000,000,336 | -H-- | C] () -- C:\ProgramData\iTRSLDZypclAL6
[2012/01/24 14:29:00 | 000,000,344 | -H-- | C] () -- C:\ProgramData\FHZzy9SzEVJ1qY
[2012/01/24 14:28:37 | 000,000,336 | -H-- | C] () -- C:\ProgramData\DC77Q4BoUMbaVi
[2012/01/24 14:28:18 | 000,000,344 | -H-- | C] () -- C:\ProgramData\1fK8LeUVCUMhkY
[2012/01/24 14:27:56 | 000,000,336 | -H-- | C] () -- C:\ProgramData\agSuDsi2n8Yuw4
[2012/01/24 14:27:36 | 000,000,336 | -H-- | C] () -- C:\ProgramData\Q6iME2tyl2k1YH
[2012/01/24 14:27:17 | 000,000,344 | -H-- | C] () -- C:\ProgramData\jT21dP9WqMOtv9
[2012/01/24 14:26:56 | 000,000,344 | -H-- | C] () -- C:\ProgramData\ujtmMafY5oPNgw
[2012/01/24 14:26:36 | 000,000,336 | -H-- | C] () -- C:\ProgramData\Tv9uL3cGrv7crk
[2012/01/24 14:26:17 | 000,000,336 | -H-- | C] () -- C:\ProgramData\XCxaxn9LpoRVWn
[2012/01/24 14:25:58 | 000,000,336 | -H-- | C] () -- C:\ProgramData\oXgMWvIKR5RI6B
[2012/01/24 14:25:39 | 000,000,336 | -H-- | C] () -- C:\ProgramData\AoZO2dc3W9tFQj
[2012/01/24 14:25:18 | 000,000,344 | -H-- | C] () -- C:\ProgramData\rQn4i1keP2KvZx
[2012/01/24 14:24:58 | 000,000,344 | -H-- | C] () -- C:\ProgramData\tMPdUr153sbpsb
[2012/01/24 14:24:37 | 000,000,344 | -H-- | C] () -- C:\ProgramData\G7kzjCfUPexKho
[2012/01/24 14:24:17 | 000,000,336 | -H-- | C] () -- C:\ProgramData\adVchFuDNigd5M
[2012/01/24 14:23:57 | 000,000,344 | -H-- | C] () -- C:\ProgramData\cpEgxWWBQTnPyF
[2012/01/24 14:23:35 | 000,000,336 | -H-- | C] () -- C:\ProgramData\ZUjxffZqq6t9QI
[2012/01/24 14:23:13 | 000,000,344 | -H-- | C] () -- C:\ProgramData\FsAYvABX8OigAn
[2012/01/24 14:22:54 | 000,000,336 | -H-- | C] () -- C:\ProgramData\m4N5STkBWkfM79
[2012/01/24 14:22:34 | 000,000,336 | -H-- | C] () -- C:\ProgramData\XdoTsuhCLAmlIF
[2012/01/24 14:22:14 | 000,000,336 | -H-- | C] () -- C:\ProgramData\VZTDkZCBX17EBi
[2012/01/24 14:21:52 | 000,000,336 | -H-- | C] () -- C:\ProgramData\jBXBGXWAtELWXD
[2012/01/24 14:21:32 | 000,000,336 | -H-- | C] () -- C:\ProgramData\zV8gmttZ0NaxjA
[2012/01/24 14:21:12 | 000,000,336 | -H-- | C] () -- C:\ProgramData\iRNWvtytAsGKkJ
[2012/01/24 14:20:51 | 000,000,336 | -H-- | C] () -- C:\ProgramData\3eF4gWZw1oM7ws
[2012/01/24 14:20:25 | 000,000,336 | -H-- | C] () -- C:\ProgramData\uXlTMZNxIkx7hj
[2012/01/24 14:20:03 | 000,000,344 | -H-- | C] () -- C:\ProgramData\CdjT9ijYLKNrpl
[2012/01/24 14:19:42 | 000,000,344 | -H-- | C] () -- C:\ProgramData\aHjWBJN8wrwT3m
[2012/01/24 14:19:22 | 000,000,336 | -H-- | C] () -- C:\ProgramData\scdz4WgclJiDoC
[2012/01/24 14:19:01 | 000,000,336 | -H-- | C] () -- C:\ProgramData\c6zjaUdt5pcr55
[2012/01/24 14:18:35 | 000,000,336 | -H-- | C] () -- C:\ProgramData\8P4MLnR1c8sKcK
[2012/01/24 14:18:04 | 000,000,336 | -H-- | C] () -- C:\ProgramData\gz2c0Q9M1izwsY
[2012/01/24 14:17:44 | 000,000,328 | -H-- | C] () -- C:\ProgramData\3oXVfhks7WfFFK
[2012/01/24 14:17:23 | 000,000,336 | -H-- | C] () -- C:\ProgramData\xqXMTqEhkEsdS5
[2012/01/24 14:17:02 | 000,000,336 | -H-- | C] () -- C:\ProgramData\9l7VHSZuIRr7qy
[2012/01/24 14:16:40 | 000,000,336 | -H-- | C] () -- C:\ProgramData\YcoQnfYdUKNeE2
[2012/01/24 14:16:21 | 000,000,336 | -H-- | C] () -- C:\ProgramData\ZUZKrhiIhkvYAf
[2012/01/24 14:15:58 | 000,000,344 | -H-- | C] () -- C:\ProgramData\f1xhW5gIkFPhhu
[2012/01/24 14:15:36 | 000,000,328 | -H-- | C] () -- C:\ProgramData\HTsnBKV101P0r0
[2012/01/24 14:15:17 | 000,000,336 | -H-- | C] () -- C:\ProgramData\lW9NpOL4Fm8Wzw
[2012/01/24 14:14:53 | 000,000,336 | -H-- | C] () -- C:\ProgramData\al8gC2Jf1pXhMT
[2012/01/24 14:14:31 | 000,000,336 | -H-- | C] () -- C:\ProgramData\N7UOAOt8Szywvd
[2012/01/24 14:14:07 | 000,000,336 | -H-- | C] () -- C:\ProgramData\cxHn0LPChAHFED
[2012/01/24 14:13:44 | 000,000,328 | -H-- | C] () -- C:\ProgramData\XMQL37HzcaCWPH
[2012/01/24 14:13:20 | 000,000,336 | -H-- | C] () -- C:\ProgramData\I2BZTwjXVB1XXE
[2012/01/24 14:12:56 | 000,000,336 | -H-- | C] () -- C:\ProgramData\Ew85HQIjs6pPXk
[2012/01/24 14:12:36 | 000,000,336 | -H-- | C] () -- C:\ProgramData\hzAPg1q1lHDmD2
[2012/01/24 14:11:55 | 000,000,336 | -H-- | C] () -- C:\ProgramData\pSlU8MHs55ayf3
[2012/01/24 14:11:35 | 000,000,336 | -H-- | C] () -- C:\ProgramData\ayXmRRJRcuY568
[2012/01/24 14:11:15 | 000,000,336 | -H-- | C] () -- C:\ProgramData\VPGgBCnFI64x1n
[2012/01/24 14:10:55 | 000,000,336 | -H-- | C] () -- C:\ProgramData\wBAEUEVJqeeH8G
[2012/01/24 14:10:30 | 000,000,344 | -H-- | C] () -- C:\ProgramData\5f3HpNxpMzdC0l
[2012/01/24 14:10:05 | 000,000,344 | -H-- | C] () -- C:\ProgramData\O2sTgCzh4Ahp3c
[2012/01/24 14:09:42 | 000,000,336 | -H-- | C] () -- C:\ProgramData\k95DThl6H987VS
[2012/01/24 14:09:22 | 000,000,336 | -H-- | C] () -- C:\ProgramData\VH38xwuVfgjYFN
[2012/01/24 14:08:53 | 000,000,336 | -H-- | C] () -- C:\ProgramData\sLEmNgX2cczX9w
[2012/01/24 14:08:33 | 000,000,344 | -H-- | C] () -- C:\ProgramData\DE9FSWYA97u05o
[2012/01/24 14:07:58 | 000,000,336 | -H-- | C] () -- C:\ProgramData\L7vErn7dNvmfRN
[2012/01/24 14:07:38 | 000,000,336 | -H-- | C] () -- C:\ProgramData\b4XCAoS8hQAyDd
[2012/01/24 14:07:14 | 000,000,336 | -H-- | C] () -- C:\ProgramData\u71mz2XmJChXUi
[2012/01/24 14:06:50 | 000,000,344 | -H-- | C] () -- C:\ProgramData\WCseGDGeYJrSR2
[2012/01/24 14:06:28 | 000,000,336 | -H-- | C] () -- C:\ProgramData\N8zum29onq5eUi
[2012/01/24 14:05:29 | 000,000,344 | -H-- | C] () -- C:\ProgramData\RBrr9x0pzE2bwc
[2012/01/24 14:05:06 | 000,000,336 | -H-- | C] () -- C:\ProgramData\WXfaAwBNgFItsS
[2012/01/24 14:04:43 | 000,000,344 | -H-- | C] () -- C:\ProgramData\v6tZnCUzPjcX4e
[2012/01/24 14:04:02 | 000,000,344 | -H-- | C] () -- C:\ProgramData\Nw4NAyNh1rJKRx
[2012/01/24 14:03:01 | 000,000,344 | -H-- | C] () -- C:\ProgramData\WDql8jkvfNRiN0
[2012/01/23 19:15:44 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~kACM3twrJ1HMg0
[2012/01/23 19:15:44 | 000,000,184 | -H-- | C] () -- C:\ProgramData\~kACM3twrJ1HMg0r
[2012/01/23 19:10:49 | 000,000,456 | -H-- | C] () -- C:\ProgramData\kACM3twrJ1HMg0
[2012/01/23 19:02:25 | 000,445,688 | -H-- | C] () -- C:\ProgramData\nMdQvhGrqSMKfoq.exe
[2011/12/20 21:23:32 | 000,010,822 | -HS- | C] () -- C:\Users\Neil\AppData\Local\dmyib3jr58pr237op308dq2c28y2k
[2011/12/20 21:23:32 | 000,010,822 | -HS- | C] () -- C:\ProgramData\dmyib3jr58pr237op308dq2c28y2k
[2011/06/27 18:43:54 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/06/27 18:43:54 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/01/30 15:09:17 | 000,000,152 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011/01/30 15:09:17 | 000,000,000 | -H-- | C] () -- C:\Windows\brmx2001.ini
[2011/01/30 15:08:55 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2011/01/30 15:08:55 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2011/01/30 15:08:45 | 000,000,426 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2011/01/30 15:08:45 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2170W.DAT
[2011/01/30 15:07:40 | 000,000,310 | -H-- | C] () -- C:\Windows\Brownie.ini
[2011/01/18 13:05:56 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/01/18 13:05:55 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/01/18 13:05:55 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/01/18 13:05:55 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/01/18 13:05:55 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/01/18 13:05:55 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/01/18 13:05:55 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/01/18 13:05:55 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/01/18 13:05:55 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/01/18 13:05:55 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/01/18 13:05:55 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/01/18 13:05:55 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/01/18 13:05:55 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/01/18 13:05:55 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/01/18 13:05:55 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/01/18 13:05:55 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/01/18 13:01:20 | 000,000,044 | ---- | C] () -- C:\Windows\PERFV30V300.ini
[2011/01/06 04:27:38 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/01/06 04:27:38 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/01/06 04:27:38 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/01/06 04:27:38 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/01/06 04:27:38 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/01/06 03:38:13 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/02/09 21:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/12/21 12:38:18 | 076,369,088 | -H-- | M] (Microsoft Corporation) -- C:\Users\Neil\Desktop\msert.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/12/17 07:02:00 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
[2011/12/17 07:02:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2011/12/17 07:01:59 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
[2011/12/17 07:01:59 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2012/01/25 16:14:39 | 000,000,044 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\log.txt

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/01/18 13:19:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ABBYY FineReader 6.0 Sprint
[2011/08/21 08:59:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/01/19 20:47:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AnswersThatWork
[2011/01/18 13:18:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ArcSoft
[2011/01/17 19:33:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
[2011/01/30 15:08:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Brother
[2011/01/30 15:08:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Brownie
[2011/01/06 03:43:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CinemaNow
[2011/08/21 08:59:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2011/01/06 03:42:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2011/01/18 13:19:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\epson
[2011/01/18 13:07:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Epson Software
[2011/12/27 13:54:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2011/01/06 03:55:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2011/01/06 03:39:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hp
[2011/01/18 19:17:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
[2011/01/30 15:08:28 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/01/06 03:38:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2011/12/17 03:20:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2011/06/27 18:57:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2011/01/06 03:56:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Kobo
[2011/01/18 16:12:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lavasoft
[2011/03/14 02:00:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2011/01/17 13:33:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2011/10/18 02:23:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/01/16 16:56:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/01/17 13:33:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
[2011/01/17 13:31:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/01/19 03:03:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2011/01/06 03:43:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft WSE
[2011/02/08 03:00:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2011/12/17 07:02:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2011/01/17 13:33:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2011/01/19 03:04:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2011/01/06 03:56:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NewspaperDirect
[2011/01/06 03:57:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Norton Internet Security
[2011/01/06 03:57:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NortonInstaller
[2011/01/16 16:57:24 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2011/01/06 03:35:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PDF Complete
[2011/01/06 03:48:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PictureMover
[2011/10/06 18:10:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RealArcade
[2011/01/06 03:35:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011/01/06 03:48:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Symantec
[2011/01/06 03:35:15 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2009/07/13 23:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2011/01/18 19:17:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildTangent Games
[2009/07/14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/01/16 16:56:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/01/16 16:55:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive
[2011/01/18 11:25:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/01/18 11:25:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/14 00:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/01/16 16:57:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2011/01/06 03:56:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Zinio Reader 4


< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: IASTOR.SYS >
[2010/03/03 22:51:40 | 000,540,696 | -H-- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\swsetup\DRV\Storage\Intel\RST\9.6\x64\iaStor.sys
[2010/03/03 22:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/03/03 22:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
[2010/03/03 22:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_d73865c94450cce1\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/01/06 04:25:53 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 01:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/01/06 04:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011/03/11 01:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/17 07:01:59 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/17 07:01:59 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/17 07:01:59 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/12/17 07:02:00 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/12/17 07:02:00 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/17 07:02:00 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/11/04 23:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/11/04 23:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/12/17 07:01:59 | 000,713,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/12/17 07:01:59 | 000,713,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/12/17 07:01:59 | 000,713,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2011/12/17 07:02:00 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011/12/17 07:02:00 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2011/12/17 07:02:00 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/11/04 23:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/11/04 23:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation)

< End of report >


Re: System Check - just like t28256

Post by Belahzur on Tue Jan 31, 2012 1:00 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:

    :OTL
    PRC - [2012/01/24 16:02:46 | 000,353,016 | -H-- | M] () -- C:\ProgramData\Rl5upFXK7MUc5u.exe
    PRC - [2012/01/23 18:59:25 | 000,445,688 | -H-- | M] () -- C:\ProgramData\nMdQvhGrqSMKfoq.exe
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [nMdQvhGrqSMKfoq.exe] C:\ProgramData\nMdQvhGrqSMKfoq.exe ()
    [2012/01/24 16:03:15 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~Rl5upFXK7MUc5u
    [2012/01/24 16:03:15 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~Rl5upFXK7MUc5ur
    [2012/01/24 16:03:14 | 000,000,679 | -H-- | M] () -- C:\Users\Neil\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/24 16:03:14 | 000,000,655 | -H-- | M] () -- C:\Users\Neil\Desktop\System Check.lnk
    [2012/01/24 16:02:53 | 000,000,336 | -H-- | M] () -- C:\ProgramData\Rl5upFXK7MUc5u
    [2012/01/24 16:02:46 | 000,353,016 | -H-- | M] () -- C:\ProgramData\Rl5upFXK7MUc5u.exe
    [2012/01/24 14:56:02 | 000,000,344 | -H-- | M] () -- C:\ProgramData\UUbf31FPrywISj
    [2012/01/24 14:55:45 | 000,000,336 | -H-- | M] () -- C:\ProgramData\uVAwl8dJzFzXCs
    [2012/01/24 14:55:26 | 000,000,336 | -H-- | M] () -- C:\ProgramData\xHL47S1x2nY8H9
    [2012/01/24 14:55:05 | 000,000,352 | -H-- | M] () -- C:\ProgramData\TRJAs23erdib7R
    [2012/01/24 14:54:48 | 000,000,336 | -H-- | M] () -- C:\ProgramData\hyUox8QGmNSSFC
    [2012/01/24 14:54:32 | 000,000,344 | -H-- | M] () -- C:\ProgramData\HKawUnc5AI26Hu
    [2012/01/24 14:54:15 | 000,000,336 | -H-- | M] () -- C:\ProgramData\EVmbQXL2uC0hQf
    [2012/01/24 14:53:59 | 000,000,328 | -H-- | M] () -- C:\ProgramData\UBCeSH83k3uSCj
    [2012/01/24 14:53:42 | 000,000,344 | -H-- | M] () -- C:\ProgramData\Chjsw4OqbIsm85
    [2012/01/24 14:53:19 | 000,000,344 | -H-- | M] () -- C:\ProgramData\jEBJ3Il1AID3o2
    [2012/01/24 14:52:51 | 000,000,336 | -H-- | M] () -- C:\ProgramData\t8ctDO6ELwRE6a
    [2012/01/24 14:52:32 | 000,000,344 | -H-- | M] () -- C:\ProgramData\IRA8rdEXkFpctt
    [2012/01/24 14:52:12 | 000,000,336 | -H-- | M] () -- C:\ProgramData\QJgSaKnOXKhxND
    [2012/01/24 14:51:52 | 000,000,336 | -H-- | M] () -- C:\ProgramData\2HXHIrF0m5fqGz
    [2012/01/24 14:51:30 | 000,000,336 | -H-- | M] () -- C:\ProgramData\Meix5Mbswk1PEw
    [2012/01/24 14:51:09 | 000,000,336 | -H-- | M] () -- C:\ProgramData\b9qQDfAQko3pKq
    [2012/01/24 14:50:50 | 000,000,336 | -H-- | M] () -- C:\ProgramData\TbprYGWJcWcdVl
    [2012/01/24 14:50:30 | 000,000,336 | -H-- | M] () -- C:\ProgramData\RLZlE6RvgE4AZ2
    [2012/01/24 14:50:13 | 000,000,336 | -H-- | M] () -- C:\ProgramData\aL3RUa1xLyjQah
    [2012/01/24 14:49:53 | 000,000,344 | -H-- | M] () -- C:\ProgramData\ZFCH1oTACD03us
    [2012/01/23 19:51:41 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~kACM3twrJ1HMg0
    [2012/01/23 19:15:44 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~kACM3twrJ1HMg0r
    [2012/01/23 19:12:40 | 000,000,456 | -H-- | M] () -- C:\ProgramData\kACM3twrJ1HMg0
    [2012/01/23 18:59:25 | 000,445,688 | -H-- | M] () -- C:\ProgramData\nMdQvhGrqSMKfoq.exe
    [2011/12/20 21:23:32 | 000,010,822 | -HS- | C] () -- C:\Users\Neil\AppData\Local\dmyib3jr58pr237op308dq2c28y2k
    [2011/12/20 21:23:32 | 000,010,822 | -HS- | C] () -- C:\ProgramData\dmyib3jr58pr237op308dq2c28y2k

  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.



Re: System Check - just like t28256

Post by Blues5340 on Tue Jan 31, 2012 3:24 pm

Hi!
Log from Run Fix - thank you.

========== OTL ==========
Process Rl5upFXK7MUc5u.exe killed successfully!
Process nMdQvhGrqSMKfoq.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nMdQvhGrqSMKfoq.exe not found.
C:\ProgramData\nMdQvhGrqSMKfoq.exe moved successfully.
C:\ProgramData\~Rl5upFXK7MUc5u moved successfully.
C:\ProgramData\~Rl5upFXK7MUc5ur moved successfully.
C:\Users\Neil\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
C:\Users\Neil\Desktop\System Check.lnk moved successfully.
C:\ProgramData\Rl5upFXK7MUc5u moved successfully.
C:\ProgramData\Rl5upFXK7MUc5u.exe moved successfully.
C:\ProgramData\~kACM3twrJ1HMg0 moved successfully.
C:\ProgramData\~kACM3twrJ1HMg0r moved successfully.
C:\ProgramData\kACM3twrJ1HMg0 moved successfully.
File C:\ProgramData\nMdQvhGrqSMKfoq.exe not found.
C:\Users\Neil\AppData\Local\dmyib3jr58pr237op308dq2c28y2k moved successfully.
C:\ProgramData\dmyib3jr58pr237op308dq2c28y2k moved successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 01312012_101520


Re: System Check - just like t25286

Post by Blues5340 on Fri Feb 03, 2012 3:28 pm

Hi,
I was most encouraged after running the fix since the offending windows disappeared. Last night I lost electricity, however, and so I manually started the computer. No offending messages or windows; however, there are no entries under Libraries, Favorites, etc. The screen saver is gone. When I open START, none of the entries on the right side (Control Panel, My Computer, etc.) show. I tried Windows Explorer but cannot see any files there either, including the files I created for you. Foxfire is an icon on my desktop and it reappeared and does work. The only other icons that reappeared are Adobe and Recycle Bin; all others are gone. I have AD-AWARE and it did an automatic update.
Once again, appreciate all your hard work.


Re: System Check - just like t28256

Post by Belahzur on Sat Feb 11, 2012 12:01 am

Hello.

Please download ComboFix from [You must be registered and logged in to see this link.]



Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy and paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Please PM me if I fail to respond within 24hrs.



Re: System Check - just like t28256

Post by Blues5340 on Sun Feb 12, 2012 6:04 pm

Hi Belahzur,
I disabled AVG and AD-Aware per instructions; apparently AVG did not work. Norton came with the computer - I have never activated or used it. I believe it has some module as part of start up, but I do not know how to get rid of it. I stopped AVG and Norton in the Start Task Mgr. before continuing with Commy.

I apologize, I ran ComboFix (renamed to Commy) incorrectly. I started reading the directions that I had printed from Bleeping and it ran that way.

GOOD NEWS - It appears that everything is back now!! I can see all my files from Windows Explorer and the Start icon. I believe everything is OK now and CERTAINLY appreciate your help!! Too bad about Paypal since I feel your help is worth a whole lot more than a book & Malware. I will lodge a complaint with them. Once again, many many thanks. Cheryl


ComboFix 12-02-12.01 - Neil 02/12/2012 12:02:10.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5815.4034 [GMT -5:00]
Running from: c:\users\Neil\Desktop\commy.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
.
.
((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-12 17:05 . 2012-02-12 17:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-12 16:56 . 2012-02-12 16:56 -------- d-----w- c:\users\Neil\AppData\Roaming\AVG10
2012-01-31 15:15 . 2012-01-31 15:15 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-30 19:47 . 2011-06-29 09:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-14 00:19 . 2011-12-14 00:19 4448256 ----a-w- c:\windows\SysWow64\GPhotos.scr
2011-11-24 05:00 . 2011-12-14 17:46 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 15:07 . 2012-01-11 12:09 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:06 . 2012-01-11 12:09 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-17 07:17 . 2012-01-11 19:52 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-11-17 07:17 . 2012-01-11 19:52 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-11-17 07:15 . 2012-01-11 19:52 460296 ----a-w- c:\windows\system32\drivers\cng.sys
2011-11-17 07:14 . 2012-01-11 12:09 1739160 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 07:12 . 2012-01-11 19:52 395776 ----a-w- c:\windows\system32\webio.dll
2011-11-17 07:11 . 2012-01-11 19:52 28672 ----a-w- c:\windows\system32\sspisrv.dll
2011-11-17 07:11 . 2012-01-11 19:52 136192 ----a-w- c:\windows\system32\sspicli.dll
2011-11-17 07:11 . 2012-01-11 19:52 28160 ----a-w- c:\windows\system32\secur32.dll
2011-11-17 07:10 . 2012-01-11 19:52 340992 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 07:08 . 2012-01-11 19:52 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-17 07:05 . 2012-01-11 19:52 31232 ----a-w- c:\windows\system32\lsass.exe
2011-11-17 05:41 . 2012-01-11 12:09 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-11-17 05:39 . 2012-01-11 19:52 314368 ----a-w- c:\windows\SysWow64\webio.dll
2011-11-17 05:39 . 2012-01-11 19:52 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2011-11-17 05:39 . 2012-01-11 19:52 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2011-11-17 05:35 . 2012-01-11 19:52 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2004-08-10 19:00 . 2011-01-17 16:06 359936 ----a-r- c:\program files\cards.dll
2004-08-10 19:00 . 2011-01-17 15:32 126976 ----a-r- c:\program files\mshearts.exe
2004-08-10 19:00 . 2011-01-17 15:31 55296 ----a-r- c:\program files\freecell.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start [You must be registered and logged in to see this link.] [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe [2010-05-23 126904]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-05 c:\windows\Tasks\HPCeeScheduleForNeil.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 11:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.1.11
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\cs68gazp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-{319E272A-B5DB-4939-99D0-1F1F0C55699E} - c:\program files (x86)\InstallShield Installation Information\{319E272A-B5DB-4939-99D0-1F1F0C55699E}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\18.0.0.128\InstStub.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
.
**************************************************************************
.
Completion time: 2012-02-12 12:09:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-12 17:09
.
Pre-Run: 929,762,615,296 bytes free
Post-Run: 931,216,117,760 bytes free
.
- - End Of File - - F6D6F74E450F6BA85636C65DE092E79D


Blues5340
Novice

Posts : 6
Joined : 2012-01-25
OS : Windows 7
Points : 17838
Likes : 0
