-
Try Revo...
Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of the previous uninstall. If that is the case simply stop and let me know.
- Please download and install Revo Uninstaller Free
- Double click Revo Uninstaller to run it.
- From the list of programs double click on the program you want to remove
- When prompted if you want to uninstall click Yes.
- Be sure the Moderate option is selected then click Next.
- The program will run. If prompted again, click Yes.
- When the built-in uninstaller is finished click on Next
- Once the program has searched for leftovers click Next.
- Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
- When prompted click on Yes and then on Next.
- Put a check on any folders that are found and select Delete
- When prompted select Yes then Next
- Once done click Finish.
-
HELP
Everything is running much faster now but Norton live update won't complete, the updates download but fail to install :confused: It says
virus definitions failed to complete
-
Since you pay for Norton I suggest you call them and ask for help.
If they won't help you we can always install something else.
Meanwhile.....
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
-
HELP
OTL logfile created on: 20/06/2012 14:26:07 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Joshua\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.93 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 57.86% Memory free
6.06 Gb Paging File | 4.98 Gb Available in Paging File | 82.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 48.50 Gb Free Space | 16.82% Space Free | Partition Type: NTFS
Computer Name: JOSHUA-PC | User Name: Joshua | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/20 14:23:50 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Joshua\Downloads\OTL (1).exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Joshua\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/05 15:48:22 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2011/02/02 15:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010/12/10 13:29:00 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/11/17 11:44:54 | 000,040,960 | ---- | M] () -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
PRC - [2009/04/15 16:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009/04/11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/18 14:51:34 | 000,075,048 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008/10/27 12:05:28 | 000,306,736 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2008/08/29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
========== Modules (No Company Name) ==========
MOD - [2011/06/27 17:01:26 | 001,491,616 | ---- | M] () -- C:\Program Files\WOT\WOT.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/05/31 15:17:19 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/05/05 16:48:29 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/11 19:12:00 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2011/02/02 15:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/12/10 13:29:00 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/11/17 11:44:54 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe -- (DeviceManager)
SRV - [2009/04/15 16:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/04/11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2008/12/18 14:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008/10/27 12:05:28 | 000,306,736 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2008/08/29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Joshua\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/06/20 09:22:22 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120619.023\navex15.sys -- (NAVEX15)
DRV - [2012/06/20 09:22:22 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120619.023\naveng.sys -- (NAVENG)
DRV - [2012/06/20 04:24:21 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/06/19 00:03:24 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20120619.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/06/13 19:06:38 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20120613.007\IDSvix86.sys -- (IDSVix86)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/21 02:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symtdiv.sys -- (SYMTDIv)
DRV - [2011/03/31 04:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/31 04:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/15 03:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 07:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
DRV - [2011/01/27 06:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)
DRV - [2009/09/05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/08/27 14:18:30 | 000,103,552 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcusbser.sys -- (qcusbser)
DRV - [2008/10/09 16:47:12 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008/10/09 16:47:12 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008/10/09 16:47:12 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008/09/22 14:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/09/04 05:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008/08/29 13:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/03/01 00:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_7735
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-830232482-3980306108-3991005804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-830232482-3980306108-3991005804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-830232482-3980306108-3991005804-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-830232482-3980306108-3991005804-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-830232482-3980306108-3991005804-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=050412_30b&babsrc=SP_ss&mntrId=06c193190000000000000017c4866e65
IE - HKU\S-1-5-21-830232482-3980306108-3991005804-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7PCTC_en
IE - HKU\S-1-5-21-830232482-3980306108-3991005804-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-830232482-3980306108-3991005804-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-830232482-3980306108-3991005804-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=GB&ver=18
IE - HKU\S-1-5-21-830232482-3980306108-3991005804-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.smilebox.com/?search={searchTerms}&loc=SB_DS&a=6OyeZrekNE
IE - HKU\S-1-5-21-830232482-3980306108-3991005804-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-830232482-3980306108-3991005804-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/22 20:47:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn\ [2012/06/20 14:16:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn_2011_7_9_4 [2012/06/20 14:16:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/22 20:47:56 | 000,000,000 | ---D | M]
[2011/03/09 11:58:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joshua\AppData\Roaming\Mozilla\Extensions
[2011/03/09 11:58:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joshua\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/03/09 11:58:32 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]
O1 HOSTS File: ([2012/06/20 03:08:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKU\S-1-5-21-830232482-3980306108-3991005804-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-830232482-3980306108-3991005804-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-830232482-3980306108-3991005804-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - Startup: C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Joshua\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-830232482-3980306108-3991005804-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-830232482-3980306108-3991005804-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{384060F3-B18F-4A24-A0C4-182F530B7C78}: DhcpNameServer = 192.168.2.1 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Handler\x-owacid {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files\Microsoft\Outlook Web Access SMIME Client\mimectl.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Joshua\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Joshua\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/11 18:49:51 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
-
HELP
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/06/20 09:22:39 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys
[2012/06/20 09:22:39 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys
[2012/06/20 09:22:39 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1207020.003\symtdiv.sys
[2012/06/20 09:22:39 | 000,299,640 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1207020.003\symnets.sys
[2012/06/20 09:22:39 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys
[2012/06/20 09:22:38 | 000,516,216 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys
[2012/06/20 09:22:38 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys
[2012/06/20 09:22:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1207020.003
[2012/06/20 04:22:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2012/06/20 04:22:40 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/06/20 04:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/06/20 03:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/06/20 03:57:27 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/06/20 03:10:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/20 03:10:24 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\temp
[2012/06/20 02:59:24 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/19 05:03:09 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Joshua\Desktop\aswMBR.exe
[2012/06/19 02:58:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/19 02:58:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/19 02:58:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/19 02:57:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/19 02:57:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/19 02:52:47 | 004,562,361 | R--- | C] (Swearware) -- C:\Users\Joshua\Desktop\ComboFix.exe
[2012/06/18 22:25:30 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/18 22:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/18 21:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/17 18:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/17 18:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/17 18:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/07 21:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/05/26 19:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/26 19:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/06/20 14:16:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/20 14:16:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/20 14:16:25 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/20 14:16:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/20 09:26:07 | 000,002,208 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/06/20 09:25:51 | 002,450,550 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1207020.003\Cat.DB
[2012/06/20 05:02:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/20 04:48:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/20 04:24:21 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/06/20 04:24:21 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/06/20 04:24:21 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/06/20 03:57:27 | 000,001,061 | ---- | M] () -- C:\Users\Joshua\Desktop\Revo Uninstaller.lnk
[2012/06/20 03:08:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/20 02:58:59 | 004,562,361 | R--- | M] (Swearware) -- C:\Users\Joshua\Desktop\ComboFix.exe
[2012/06/20 01:22:35 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Joshua\Desktop\boot_cleaner.exe
[2012/06/19 05:47:48 | 000,000,512 | ---- | M] () -- C:\Users\Joshua\Desktop\MBR.dat
[2012/06/19 05:04:04 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Joshua\Desktop\aswMBR.exe
[2012/06/19 03:19:02 | 000,650,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/19 03:19:02 | 000,128,078 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/18 22:25:31 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/18 21:10:22 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/17 18:46:48 | 000,223,030 | ---- | M] () -- C:\Windows\hpwins24.dat
[2012/06/17 18:08:06 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/17 15:53:07 | 000,369,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/08 03:08:38 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1207020.003\isolate.ini
[2012/06/07 15:16:10 | 000,000,956 | ---- | M] () -- C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/07 15:16:05 | 000,000,926 | ---- | M] () -- C:\Users\Joshua\Desktop\Dropbox.lnk
[2012/05/26 19:45:51 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/05/26 19:45:51 | 000,001,854 | ---- | M] () -- C:\Users\Joshua\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/05/26 19:42:34 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/06/20 09:24:26 | 002,450,550 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1207020.003\Cat.DB
[2012/06/20 09:22:39 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1207020.003\symnetv.cat
[2012/06/20 09:22:39 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1207020.003\symnet.cat
[2012/06/20 09:22:39 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.cat
[2012/06/20 09:22:39 | 000,003,373 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.inf
[2012/06/20 09:22:39 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1207020.003\symds.inf
[2012/06/20 09:22:39 | 000,001,473 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1207020.003\symnetv.inf
[2012/06/20 09:22:39 | 000,001,445 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1207020.003\symnet.inf
[2012/06/20 09:22:39 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.inf
[2012/06/20 09:22:38 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1207020.003\iron.cat
[2012/06/20 09:22:38 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.cat
[2012/06/20 09:22:38 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.cat
[2012/06/20 09:22:38 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.inf
[2012/06/20 09:22:38 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1207020.003\iron.inf
[2012/06/20 09:22:26 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1207020.003\symds.cat
[2012/06/20 09:22:24 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1207020.003\isolate.ini
[2012/06/20 04:24:13 | 000,002,208 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/06/20 03:57:27 | 000,001,061 | ---- | C] () -- C:\Users\Joshua\Desktop\Revo Uninstaller.lnk
[2012/06/19 04:17:46 | 000,000,512 | ---- | C] () -- C:\Users\Joshua\Desktop\MBR.dat
[2012/06/19 02:58:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/19 02:58:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/19 02:58:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/19 02:58:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/19 02:58:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/18 22:25:31 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/17 18:08:06 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/26 19:42:33 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/04/13 09:58:33 | 000,369,504 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/10 11:59:56 | 000,029,239 | ---- | C] () -- C:\Users\Joshua\AppData\Roaming\UserTile.png
[2012/03/09 17:23:28 | 000,000,502 | ---- | C] () -- C:\Users\Joshua\AppData\Roaming\pdfaloud.ini
[2012/03/09 17:23:28 | 000,000,030 | ---- | C] () -- C:\Users\Joshua\AppData\Roaming\pron.ini
[2012/02/22 20:37:15 | 000,223,030 | ---- | C] () -- C:\Windows\hpwins24.dat
[2011/12/20 10:30:59 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/12/11 19:12:44 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/05/19 10:37:58 | 000,001,940 | ---- | C] () -- C:\Users\Joshua\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/02/11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/11/08 17:08:39 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/11/08 17:08:39 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/11/08 17:08:39 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/11/08 17:08:39 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/11/08 17:08:39 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/11/08 17:08:39 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/11/08 17:08:39 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/11/08 17:08:39 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/11/08 17:08:39 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/11/08 17:08:39 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010/11/08 17:08:39 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/11/08 17:08:39 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/11/08 17:08:39 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/11/08 17:08:39 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/11/08 17:08:39 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/11/08 17:08:39 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010/11/08 17:08:39 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010/11/08 17:08:39 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/11/08 17:08:39 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/07/30 20:04:53 | 000,001,758 | ---- | C] () -- C:\Windows\hpwmdl24.dat
========== LOP Check ==========
[2009/02/18 13:08:05 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2009/02/18 13:08:05 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2009/02/18 13:08:05 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Acer GameZone Console
[2012/01/31 20:23:04 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Autodesk
[2012/04/12 19:33:21 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Babylon
[2010/05/12 17:19:00 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/02/10 15:38:26 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/02/25 17:20:43 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\CurveExpert
[2010/11/11 12:38:49 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\DriverCure
[2012/06/20 14:17:15 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Dropbox
[2011/03/29 10:19:26 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\EPSON
[2009/09/20 18:25:33 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\eSobi
[2012/02/29 12:30:30 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\MindGenius
[2010/11/11 12:38:48 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\ParetoLogic
[2012/04/10 11:59:56 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\PeerNetworking
[2009/11/04 20:06:15 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\PowerCinema
[2009/10/01 14:17:18 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\SharePod
[2009/11/04 20:06:31 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\SoftDMA
[2012/02/09 11:55:57 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Spotify
[2010/05/02 15:23:36 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Template
[2012/02/24 15:29:39 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Texthelp Systems
[2011/11/21 12:10:19 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Tific
[2011/03/09 11:58:50 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\TomTom
[2010/02/10 13:22:01 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Uniblue
[2012/06/20 09:42:39 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/02/06 00:25:41 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/06/20 03:10:22 | 000,015,269 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/10/01 14:20:19 | 000,077,109 | ---- | M] () -- C:\ituneslib.itl
[2012/06/20 14:16:10 | 3460,190,208 | -HS- | M] () -- C:\pagefile.sys
[2009/05/25 07:51:14 | 000,002,277 | -HS- | M] () -- C:\Patch.rev
[2009/05/28 13:55:57 | 000,000,175 | RHS- | M] () -- C:\Preload.rev
[2009/05/28 06:10:34 | 000,002,679 | ---- | M] () -- C:\RHDSetup.log
[2012/04/12 19:33:39 | 000,001,533 | ---- | M] () -- C:\user.js
< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/10/01 13:35:52 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2010/05/14 15:56:34 | 000,319,488 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpfpp02t.dll
[2008/01/21 03:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2008/12/04 23:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2008/01/21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/04/02 12:54:36 | 000,000,574 | -HS- | M] () -- C:\Users\Joshua\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2012/06/19 05:04:04 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Joshua\Desktop\aswMBR.exe
[2012/06/20 01:22:35 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Joshua\Desktop\boot_cleaner.exe
[2012/06/20 02:58:59 | 004,562,361 | R--- | M] (Swearware) -- C:\Users\Joshua\Desktop\ComboFix.exe
[2012/01/27 16:26:03 | 004,027,056 | ---- | M] (Spotify Ltd) -- C:\Users\Joshua\Desktop\spotify.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\tasks\*.* >
[2012/06/20 04:48:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/20 14:16:25 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/20 05:02:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/20 14:16:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/06/20 09:42:39 | 000,032,622 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2012/04/02 12:54:37 | 000,000,402 | -HS- | M] () -- C:\Users\Joshua\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2009/05/28 06:26:04 | 000,004,534 | ---- | M] () -- C:\ProgramData\ArcadeDeluxe2.log
[2012/06/17 18:46:49 | 000,001,644 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2011/12/11 19:12:44 | 000,000,147 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/12/20 10:32:10 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
Acer Crystal Eye webcam.EXE
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
[2011/12/11 19:06:42 | 000,038,912 | ---- | M] (Autodesk, Inc.) -- C:\Windows\Installer\Luc.exe
[6 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:814B9485
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:A2947BEA
< End of report >
-
HELP
OTL Extras logfile created on: 20/06/2012 14:26:07 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Joshua\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.93 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 57.86% Memory free
6.06 Gb Paging File | 4.98 Gb Available in Paging File | 82.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 48.50 Gb Free Space | 16.82% Space Free | Partition Type: NTFS
Computer Name: JOSHUA-PC | User Name: Joshua | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05641351-88EC-48EE-AD9B-3C2127BADF9D}" = lport=138 | protocol=17 | dir=in | app=system |
"{13F57326-511B-4C0A-ADC3-FFA3497F9F99}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1C28CFA8-1AE6-4478-8851-872000A3CCF8}" = rport=445 | protocol=6 | dir=out | app=system |
"{2547D79F-0ADE-442A-90C5-D2BFDFE6D975}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2C5951C8-397B-4859-9CDB-DDD7C869AE21}" = rport=139 | protocol=6 | dir=out | app=system |
"{3CDD06D3-55E2-45C3-BFF1-F9D87F017B94}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{514D2353-A0F1-4D8F-BCC2-6B4E46D05D67}" = lport=49164 | protocol=6 | dir=in | name=akamai netsession interface |
"{5BE5B60E-E0B7-49EE-A390-03021ACA69A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{612212D1-410E-47B7-B783-A45D254C42AA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{722A6699-2113-437C-8E43-CF1F4BF1B773}" = lport=139 | protocol=6 | dir=in | app=system |
"{7A5926FB-6E56-4DE6-A9C8-89677F40C10E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{9ACD4427-F651-4052-98ED-C3E6DF9FA281}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC1C35C7-0996-412D-A77B-4C5420BEC8C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD38DC3A-8E35-45CE-9C0D-8D8DEB71C243}" = rport=138 | protocol=17 | dir=out | app=system |
"{AFEA97EF-D2F2-4267-94A2-C7E8677DFB9A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C1AAD637-FE26-421D-9421-1532E6EA8161}" = rport=137 | protocol=17 | dir=out | app=system |
"{CF11EC04-F38A-4C77-96B8-BFA4C4805285}" = lport=445 | protocol=6 | dir=in | app=system |
"{CFA6DCE3-7677-4C53-A417-13E6ED08EA5C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D76F8F8B-5884-489C-AFFE-6F545F04353F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D94BF9C9-204B-4993-BF4B-0EC8260861E4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E631EB69-9124-487C-A8CF-3DF9B3FCE5F6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F19C99ED-6A84-42DC-A474-0B8364F92D5A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F30AB9FE-2113-47B9-ACC4-FE9B52DE9FBC}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{094334F8-5865-4625-B2E6-03B15CA90E0C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0B5CC1EB-3D6D-4B08-9180-254FBF33A61F}" = protocol=6 | dir=in | app=c:\users\joshua\appdata\roaming\dropbox\bin\dropbox.exe |
"{10E6010B-6AE5-4F16-9EB5-41BB1A338234}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{132D7C43-59A0-4FC6-94DD-5E0FF4C6A478}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{1779F049-CC71-486B-AB6A-A002C5D63950}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{1C984F06-2A8C-4BCA-AA6A-6A0A7F795471}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{249D5B98-EFA6-4C87-A261-7EBC09C56D73}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{24A750CB-7397-4521-A791-F23EF9083205}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{2745297C-686E-4823-841F-7BE2B36EF046}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{28C62A16-F980-47FD-815C-69387F781B72}" = protocol=6 | dir=in | app=c:\users\joshua\appdata\local\akamai\netsession_win.exe |
"{292A50C5-31EE-4BB8-B88A-4068452AC9B0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{29410029-5139-4C1A-AA8E-0BC4EA43CC8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2C752EB8-7EA7-4100-943A-D842EC1ED726}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{343B5E4F-5623-4F39-98FF-80AEFE30FE0C}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{3AB88588-FB71-4FC9-83B1-C8659177FFBE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{46B7C05F-89C5-4704-8159-59C68D1B94AA}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{46D159F0-1396-4B5C-BE81-F1FCE41A8F97}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{48426CB5-67EA-4BA0-805C-02EC18E74CD4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{498995AE-8E2B-4517-9D6C-D89D39DA1DC2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4F4E0965-BBA5-4870-9894-FFC4F1DDC148}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{56F78A8E-A800-4A1B-B05E-1633EFD158D0}" = protocol=6 | dir=in | app=c:\users\joshua\appdata\local\temp\7zs47aa.tmp\symnrt.exe |
"{570EADFF-AFEE-4AAF-B53E-833E0D33042A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{5DFFA79F-8121-41E3-B9B0-0B96CF1454F5}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{60A4835A-0127-406C-A801-026BDED89B21}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6499CCE4-2E1A-4428-AE87-B3DA18455337}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{65B35AFA-F928-4B44-8AB1-FAF85D87B823}" = protocol=1 | dir=in | [email protected],-28543 |
"{66A28283-BE2D-42E9-A8A1-2E102DC41256}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{6A9A78C6-0185-42EF-9656-520FAB1B1154}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{6E7E3634-5A7E-4485-B019-3C1E6D0FF932}" = protocol=58 | dir=out | [email protected],-28546 |
"{6E8BDBCB-93B0-4F03-9ADF-2B94E565B54D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{74A5B1F3-DF12-4E49-892A-9A0165D37940}" = protocol=58 | dir=in | [email protected],-28545 |
"{78EC20BC-4BD2-4624-AB6E-2E8158E7EAD9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F7ADBD0-6C16-469B-8C97-B47293CDE1A0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{8538B67B-B4C9-4D6F-97AD-5133A0F9AF16}" = protocol=17 | dir=in | app=c:\users\joshua\appdata\local\temp\7zs47aa.tmp\symnrt.exe |
"{8DE5A1AD-D196-4058-A4B1-28B7C357982C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8EF95B67-6562-4B7F-990D-211B83BA82BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{95635AF1-BA5E-4B4B-AF71-698B1A5954A3}" = protocol=17 | dir=in | app=c:\users\joshua\appdata\roaming\dropbox\bin\dropbox.exe |
"{98531B6E-5A0B-455A-830A-874F192B9DFD}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{9BBDF3EA-D0B3-4072-AA52-6E37E54347D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9C3FD847-F5F5-44DD-807D-1B7B4666C7EE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9DB0177E-8531-4874-A124-FEEBE90CA426}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{A616EDD3-E83A-41EA-8056-F59263C167A3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{A8185FEC-05CC-429E-8801-066EEA9C6100}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{A8CC19F5-1EE9-4AD1-AD37-CC4E2B25222B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{AA34B30C-10CC-4CA6-B582-8521B0C13F1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AEF6B172-030A-4186-A403-9E7323E6951E}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{B1059DBF-0C99-402C-A6D5-ADF4A968A6F7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{B11AD505-1284-42AC-AD3A-42CF1548B53B}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{B6B26148-694A-40C3-8B8D-8ECD1ADFB3F2}" = protocol=17 | dir=in | app=c:\users\joshua\appdata\local\akamai\netsession_win.exe |
"{B990EE69-DD6B-416A-9054-0FF12E9FCF57}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{BBFBB64F-7C40-4270-8A6A-F205C9BC4657}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{BD411EAB-3A16-4A4F-9308-3F2A48FC9EFE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BD5D0771-8FC3-4469-B652-6BB6D4C7EA1B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{BFB74C3F-2D4F-4655-BE52-77AEC778E131}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{CB43CA8F-832D-4919-90CC-8E3C4732868F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{D4702D51-BD10-4A58-AE37-815A07C79CBA}" = protocol=6 | dir=out | app=system |
"{D5BC18D5-D4BF-4B1F-B139-334A7BC72BD0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{D6B55CAC-9885-441F-8D5F-A1FBE2373B44}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D7594AC6-6FE1-4181-A53D-4D38980F7F1F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{DA9A7E6D-1C9E-4D06-9E65-03AA29F27334}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DCD74AC1-89BA-484D-B904-E6FD1C373FE2}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{E2F4F755-8088-40F8-824C-999C5B887B54}" = protocol=1 | dir=out | [email protected],-28544 |
"{EAC7AB14-3A37-4779-A725-DF8A4C6162D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC667A6D-C696-47D4-9D4A-4E98CC50CBB9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F0AE5D23-C674-47C1-B969-81FE9F724A8E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1BE04F5A-86E5-4F05-81AC-BF78CDAED882}" = TEDDS Lite for Access Steel Interactive Worked Examples
"{1C92C419-4DAA-4B9B-B04F-C2E3CDEDCAF9}" = SoftwareManager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{226837D8-0BF8-4CBE-BAB2-8F07E2C2B4DD}" = HP Deskjet 1050 J410 series Basic Device Software
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{3C19B361-C9E5-4D9C-99AA-CF039CE7F96E}" = Microsoft Outlook Web Access S/MIME (2007)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3EC62F67-DDFA-434C-9610-1FDF71B8F1D4}" = BPDSoftware_Ini
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{5230AAA6-C417-47CA-8028-EF8133B984A6}" = 6000E609a
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA
"{5783F2D7-A001-0409-0002-0060B0CE6BBA}" = AutoCAD 2012 - English
"{5783F2D7-A001-0409-1002-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - English
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5ACDB0D6-429E-4E6F-85E4-89DC23565990}" = Minitab16
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{62F75265-0C68-46BC-8E7E-AB14E1C281F4}" = Minitab16
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6CA39676-E8C2-43DA-B824-C4B9C0147EF7}" = WOT for Internet Explorer
"{6CF428B5-D735-4A0B-AA3F-693AC9285D45}" = Minitab16
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71CEED82-6D60-4DB7-A351-3564A87F7C96}" = 6000E609_eDocs
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7414C891-720D-4E86-85E5-C3AA898DA9EC}" = HP Deskjet 1050 J410 series Product Improvement Study
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7791308C-85FB-43B9-93F2-7DE9CB7D5C4A}" = HP Officejet 6000 E609 Series
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B4D193B-D76D-308B-8B12-5D9BB1CBCE6C}" = Microsoft Visual Basic Power Packs 3.0
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
-
HELP
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9B4E2E01-D726-414F-947D-8CE4EC074EB6}" = HP Scanjet G3110
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C809442E-31F0-418C-A929-74453B741A7B}" = ProductContext
"{CBE7EB3D-FBD9-4c74-8156-082D055C0354}" = BPDSoftware
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DAD32B9E-196B-4F1B-8722-FA469729EF90}" = MindGenius Education 4
"{DEB0B3B9-9F3D-4051-8D33-103430881BE4}" = Read And Write 10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5364E6E-3070-43F3-B9D6-9958A0A7F519}" = hpg3110
"{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012
"{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"{EFDD0584-E443-4CA8-8B79-E5BE7B22651D}" = Bootstrapper
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4BD608A-8296-43DA-A400-1E8432AB1304}" = 6000E609_Help
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Akamai" = Akamai NetSession Interface Service
"AutoCAD 2012 - English" = AutoCAD 2012 - English
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"Autodesk Inventor Fusion plug-in for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"BabylonToolbar" = Babylon toolbar on IE
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"CurveExpert" = CurveExpert
"EPSON S21 Series" = EPSON S21 Series Printer Uninstall
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Minitab16" = Minitab 16
"MinitabSoftwareManager" = Minitab Software Update Manager
"NIS" = Norton Internet Security
"Revo Uninstaller" = Revo Uninstaller 1.94
"Searchqu Toolbar" = Searchqu Toolbar
"Shop for HP Supplies" = Shop for HP Supplies
"TomTom HOME" = TomTom HOME 2.8.0.2146
"Virgin Mobile Broadband ALCATEL_is1" = Virgin Mobile Broadband
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-830232482-3980306108-3991005804-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 03/05/2011 08:20:46 | Computer Name = Joshua-PC | Source = WinMgmt | ID = 10
Description =
Error - 04/05/2011 03:34:06 | Computer Name = Joshua-PC | Source = WinMgmt | ID = 10
Description =
Error - 04/05/2011 17:46:48 | Computer Name = Joshua-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 04/05/2011 17:46:48 | Computer Name = Joshua-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 04/05/2011 17:46:49 | Computer Name = Joshua-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 04/05/2011 17:46:49 | Computer Name = Joshua-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 04/05/2011 17:47:05 | Computer Name = Joshua-PC | Source = WinMgmt | ID = 10
Description =
Error - 05/05/2011 04:20:08 | Computer Name = Joshua-PC | Source = WinMgmt | ID = 10
Description =
Error - 05/05/2011 05:01:15 | Computer Name = Joshua-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description =
Error - 05/05/2011 05:24:49 | Computer Name = Joshua-PC | Source = VSS | ID = 8194
Description =
[ OSession Events ]
Error - 04/05/2010 10:26:00 | Computer Name = Joshua-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 813
seconds with 540 seconds of active time. This session ended with a crash.
Error - 22/02/2011 12:35:50 | Computer Name = Joshua-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
Error - 29/04/2011 08:37:30 | Computer Name = Joshua-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.
Error - 29/04/2011 08:38:01 | Computer Name = Joshua-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.
Error - 04/11/2011 11:42:45 | Computer Name = Joshua-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 21/11/2011 10:48:25 | Computer Name = Joshua-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8180
seconds with 2280 seconds of active time. This session ended with a crash.
Error - 22/11/2011 16:09:23 | Computer Name = Joshua-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.
Error - 22/11/2011 16:10:03 | Computer Name = Joshua-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.
Error - 05/12/2011 05:47:52 | Computer Name = Joshua-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 20/06/2012 04:26:19 | Computer Name = Joshua-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 20/06/2012 04:26:19 | Computer Name = Joshua-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 20/06/2012 04:41:43 | Computer Name = Joshua-PC | Source = PlugPlayManager | ID = 12
Description = The device 'Atheros AR5B91 Wireless Network Adapter' (PCI\VEN_168C&DEV_002A&SUBSYS_03031A32&REV_01\4&e8d5694&0&00E1)
disappeared from the system without first being prepared for removal.
Error - 20/06/2012 04:41:50 | Computer Name = Joshua-PC | Source = PlugPlayManager | ID = 12
Description = The device 'Atheros AR5B91 Wireless Network Adapter' (PCI\VEN_168C&DEV_002A&SUBSYS_03031A32&REV_01\4&e8d5694&0&00E1)
disappeared from the system without first being prepared for removal.
Error - 20/06/2012 04:42:12 | Computer Name = Joshua-PC | Source = PlugPlayManager | ID = 12
Description = The device 'Atheros AR5B91 Wireless Network Adapter' (PCI\VEN_168C&DEV_002A&SUBSYS_03031A32&REV_01\4&e8d5694&0&00E1)
disappeared from the system without first being prepared for removal.
Error - 20/06/2012 04:42:12 | Computer Name = Joshua-PC | Source = athr | ID = 5003
Description = Atheros AR5B91 Wireless Network Adapter : Could not find a network
adapter.
Error - 20/06/2012 09:16:25 | Computer Name = Joshua-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.4 for the Network Card with network
address 0017C4866E65 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).
Error - 20/06/2012 09:17:53 | Computer Name = Joshua-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 20/06/2012 09:17:53 | Computer Name = Joshua-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 20/06/2012 09:18:31 | Computer Name = Joshua-PC | Source = Service Control Manager | ID = 7022
Description =
< End of report >
Thanks :)
-
HELP
Forgot to mention, I managed to get Norton Live Update to work so that's OK now as well. It all seems to be running great again :)
-
Good news :)
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-830232482-3980306108-3991005804-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:814B9485
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:A2947BEA
:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
===================================================
Last scans....
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.
2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
3. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
4. Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click on List of found threats
- Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE: If ESET doesn't find any threats, it won't produce any log.
-
HELP
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-830232482-3980306108-3991005804-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
ADS C:\ProgramData\Temp:CDFF58FE deleted successfully.
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
ADS C:\ProgramData\Temp:814B9485 deleted successfully.
ADS C:\ProgramData\Temp:A2947BEA deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56577 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Joshua
->Temp folder emptied: 19510570 bytes
->Temporary Internet Files folder emptied: 2337077 bytes
->Java cache emptied: 608113 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 57006 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16790476 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 38.00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Joshua
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Joshua
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.50.0 log created on 06212012_002031
Files\Folders moved on Reboot...
C:\Users\Joshua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5QE4HF14\showthread[2].htm moved successfully.
C:\Users\Joshua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Joshua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
Registry entries deleted on Reboot...
-
HELP
Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
SUPERAntiSpyware
CCleaner
Java(TM) 6 Update 29
Adobe Flash Player 11.2.202.235
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
``````````End of Log````````````
-
HELP
Farbar Service Scanner Version: 19-06-2012 01
Ran by Joshua (administrator) on 21-06-2012 at 00:31:29
Running from "C:\Users\Joshua\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-10 09:32] - [2012-03-30 13:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-06-16 21:23] - [2012-04-23 17:00] - 0133120 ____A (Microsoft Corporation) 75C6A297E364014840B48ECCD7525E30
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
-
HELP
Windows just shut down to protect the system with a flash of a blue screen when the ESET
scan had reached about 80% with no threats found. Running ESET again :confused:
-
HELP
ESET has found 5 infected files but has been stuck at 67% for 25 mins now. The files
are called win32/toolbar.babylon application. The scan timer clock
is still counting but the scan is stuck at 67%. What should I do? :(