I recently swapped my laptop and today I decided I was going to clear out all the previous owners stuff to free up some space, i ran a defrag program first and cleared 30gb of junk then proceeded to uninstall some programs i did not need, one of the programs was called smart shopper and i was unable to remove it, my AVG alerted me of a threat associated with the program so i moved it to the vault, upon moving it i ran another scan and it came up clean, but when i ran spybot search and destroy it along with some other problems appeared, so i clicked fix problems and most were removed but this smart shopper is still there, it says i cannot fix it until i run as an admin but i am the admin and right clicking the fix button does not give me any options to run as admin. There also seems to be a problem with some program called click potato
Here is a screen shot of spybots results after i fixed the problems
Here is my OTL report, it actually gave me two windows of txt which look pretty much the same but i shall post both just in case there is something extra there that may be of use
OTL logfile created on: 29/05/2011 22:21:39 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Robert\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
2.93 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 37.60% Memory free
6.09 Gb Paging File | 3.84 Gb Available in Paging File | 63.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.69 Gb Total Space | 82.16 Gb Free Space | 58.82% Space Free | Partition Type: NTFS
Drive D: | 9.36 Gb Total Space | 1.67 Gb Free Space | 17.90% Space Free | Partition Type: NTFS
Drive F: | 25.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: KAREN | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/05/29 22:21:31 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Downloads\OTL.exe
PRC - [2011/05/29 21:13:37 | 000,526,512 | ---- | M] (Google Inc.) -- C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
PRC - [2011/05/20 06:54:14 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/13 16:31:53 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/09 05:35:14 | 001,265,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgsrmax.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2009/11/17 15:23:58 | 003,965,680 | ---- | M] (Birdstep Technology) -- C:\Program Files\3 Mobile Broadband\3Connect\WilogApp.exe
PRC - [2009/11/17 15:13:48 | 000,667,648 | ---- | M] (Birdstep Technology) -- C:\Program Files\3 Mobile Broadband\3Connect\AutoUpdateSrv.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:12 | 005,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PRC - [2008/06/15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/26 09:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2007/01/12 15:16:04 | 000,462,848 | ---- | M] (Notso Software) -- C:\Program Files\NotsoSoftware\DriveDiscovery\NSSMR.exe
========== Modules (SafeList) ==========
MOD - [2011/05/29 22:21:31 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Downloads\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/04/22 13:56:50 | 000,984,392 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/01/30 22:27:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/06/15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/04/26 09:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/03 20:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/07/12 04:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/01/30 00:38:26 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/09/10 13:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/24 14:51:38 | 000,101,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2008/09/04 07:28:22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/09/04 07:27:54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/06/10 19:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/05 17:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/06/04 18:54:22 | 000,113,664 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/04/27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/10/18 00:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.c...earch.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.c...earch.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.c...earch.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.517.0
FF - prefs.js..extensions.enabledItems: [email protected]:10.0.0.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-GB&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/05/23 19:00:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions [2011/03/07 19:23:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ClickPotatoLite\bin\10.0.666.0\firefox\extensions [2011/03/07 19:23:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/11 10:18:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/10 19:03:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/28 22:41:04 | 000,000,000 | ---D | M]
[2009/01/29 00:38:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Extensions
[2011/02/03 11:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\34uwoza7.default\extensions
[2009/07/05 16:39:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\34uwoza7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/17 22:15:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\34uwoza7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/30 00:39:33 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\34uwoza7.default\extensions\[email protected]
[2009/01/29 00:38:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\34uwoza7.default\extensions\[email protected]
[2010/01/30 00:39:14 | 000,002,055 | ---- | M] () -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\34uwoza7.default\searchplugins\daemon-search.xml
[2011/04/14 09:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/12 22:31:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/09 16:53:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/14 09:57:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/01/29 00:38:11 | 000,000,000 | ---D | M] (Yahoo! UK&Ireland Toolbar and Extras) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/05/11 10:18:24 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/05/23 19:00:12 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.004.022.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/03/07 19:23:15 | 000,000,000 | ---D | M] (ClickPotatoLite Component) -- C:\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.666.0\FIREFOX\EXTENSIONS
[2011/03/07 19:23:05 | 000,000,000 | ---D | M] (ShopperReports) -- C:\PROGRAM FILES\SHOPPERREPORTS3\BIN\3.0.517.0\FIREFOX\FIREFOXTOOLBAR\EXTENSIONS
[2011/03/02 01:48:22 | 000,070,448 | ---- | M] (Pinball Corporation.) -- C:\Program Files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/02/03 22:08:57 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/02/03 22:08:57 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/02/03 22:08:57 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/02/03 22:08:57 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ShopperReports) - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll (SmartShopper Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MFARestart] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DriveDiscoveryMemoryResident] C:\Program Files\NotsoSoftware\DriveDiscovery\NSSMR.exe (Notso Software)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - C:\Program Files\ClickPotatoLite\bin\10.0.666.0\ClickPotatoLiteSABHO.dll (Pinball Corporation)
O9 - Extra Button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll (SmartShopper Inc.)
O9 - Extra Button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll (SmartShopper Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/30 21:05:12 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008/07/31 21:16:21 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/03/20 18:20:32 | 000,027,750 | R--- | M] () - F:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2009/11/17 15:01:12 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{31c761cd-edbd-11df-bbd4-001d727dbbe5}\Shell - "" = AutoRun
O33 - MountPoints2\{31c761cd-edbd-11df-bbd4-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{31c761dd-edbd-11df-bbd4-001d727dbbe5}\Shell - "" = AutoRun
O33 - MountPoints2\{31c761dd-edbd-11df-bbd4-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{65f5c740-6673-11e0-b092-d57e4f88cc9c}\Shell - "" = AutoRun
O33 - MountPoints2\{65f5c740-6673-11e0-b092-d57e4f88cc9c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6a799131-eea1-11df-908f-001d727dbbe5}\Shell - "" = AutoRun
O33 - MountPoints2\{6a799131-eea1-11df-908f-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{91e60433-f100-11df-9d4b-001d727dbbe5}\Shell - "" = AutoRun
O33 - MountPoints2\{91e60433-f100-11df-9d4b-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{b0eb7b6c-11b6-11de-b5dd-001d727dbbe5}\Shell - "" = AutoRun
O33 - MountPoints2\{b0eb7b6c-11b6-11de-b5dd-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{b0eb7b6f-11b6-11de-b5dd-001d727dbbe5}\Shell - "" = AutoRun
O33 - MountPoints2\{b0eb7b6f-11b6-11de-b5dd-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c66e1a7f-3e0d-11e0-83c2-001d727dbbe5}\Shell - "" = AutoRun
O33 - MountPoints2\{c66e1a7f-3e0d-11e0-83c2-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f0de1a3d-2984-11e0-8f15-001d727dbbe5}\Shell - "" = AutoRun
O33 - MountPoints2\{f0de1a3d-2984-11e0-8f15-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f5b61c2d-02b2-11de-8331-001d727dbbe5}\Shell - "" = AutoRun
O33 - MountPoints2\{f5b61c2d-02b2-11de-8331-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f5b61c53-02b2-11de-8331-001d727dbbe5}\Shell - "" = AutoRun
O33 - MountPoints2\{f5b61c53-02b2-11de-8331-001d727dbbe5}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f5b61c5d-02b2-11de-8331-001d727dbbe5}\Shell - "" = AutoRun
O33 - MountPoints2\{f5b61c5d-02b2-11de-8331-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/05/29 21:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/29 21:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/05/29 21:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/28 22:37:38 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Downloaded Installations
[2011/05/28 22:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\HBLite
[2011/05/27 11:56:11 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{4D9D0998-4339-4A08-B0AC-743EDF19EB60}
[2011/05/26 23:55:28 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{13F4CDA7-2DDD-427F-AE19-E9CBF13EB490}
[2011/05/22 21:53:49 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\My Collages
[2011/05/22 21:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\LumaPix
[2011/05/22 21:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LumaPix
[2011/05/22 21:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\LumaPix
[2011/05/22 21:05:46 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{EBAF8293-8AD9-4B5A-A4AF-A1C1168D9694}
[2011/05/22 20:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4600 series
[2011/05/18 18:17:18 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{9F9772CD-D81E-49D0-94C9-59C26AB6AD88}
[2011/05/17 20:17:15 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{EA369293-3AF8-4799-9860-BC52B6D53A72}
[2011/05/12 22:05:53 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{B0891387-738C-4F04-AF69-BC47B525CF22}
[2011/05/10 18:51:58 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{B3E99315-5314-481F-A03A-AC9DD50F662B}
[2011/05/09 13:08:38 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{3F26D769-F805-45F8-89FF-CBB0AE5B4AD5}
[2011/05/06 16:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
[2011/05/06 16:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\PC Speed Up
[2011/05/06 16:33:28 | 000,000,000 | ---D | C] -- C:\Users\Robert\FrostWire
[2011/05/06 16:33:23 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\OpenCandy
[2011/05/06 16:33:22 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\FrostWire
[2011/05/06 16:33:15 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\OpenCandy
[2011/05/06 16:33:15 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
[2011/05/06 16:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2011/05/06 16:28:34 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\uTorrent
[2011/05/03 21:31:29 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{BFA86B0D-C2BC-4B08-88D4-D6FA1C83BE05}
[2011/05/03 09:31:55 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\HpUpdate
[2011/05/03 09:31:51 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2011/05/03 09:30:11 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{BA9C4CAF-4E5E-4C49-8124-A82CF5265603}
[2011/05/02 14:21:37 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{88EF8833-7219-41ED-B4FF-F2A605907191}
[2011/05/01 14:21:26 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{A47ECF22-3ABD-4162-9C4B-50E5049CAD99}
[2011/04/30 12:27:26 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{EA5D9C7C-CF45-4864-9469-007E7DC2C06E}
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009/02/18 13:30:12 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Robert\AppData\Roaming\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2011/05/29 21:21:06 | 000,001,039 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/29 21:21:06 | 000,001,015 | ---- | M] () -- C:\Users\Robert\Desktop\Spybot - Search & Destroy.lnk
[2011/05/29 21:13:35 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/05/29 20:56:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/29 20:56:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/29 19:29:05 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8E39D930-9D30-483C-A8BF-32D0A667469D}.job
[2011/05/29 18:42:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/29 18:41:02 | 000,115,200 | ---- | M] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/29 18:02:57 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/29 18:02:56 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/29 17:58:38 | 000,001,044 | ---- | M] () -- C:\Users\Robert\AppData\Roaming\vso_ts_preview.xml
[2011/05/29 13:01:14 | 116,439,227 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/05/29 12:56:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/28 12:42:08 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/27 09:32:59 | 000,000,288 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/05/27 01:36:50 | 3147,001,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/26 21:02:25 | 000,045,343 | ---- | M] () -- C:\Users\Robert\Documents\Megamind.XtoDVD
[2011/05/26 15:43:14 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/05/22 21:53:46 | 000,004,943 | ---- | M] () -- C:\ProgramData\pyknfeyt.slj
[2011/05/22 21:51:27 | 000,001,799 | ---- | M] () -- C:\Users\Robert\Desktop\FotoFusion Version 4.lnk
[2011/05/11 10:18:24 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/05/06 16:33:52 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\PC Speed Up.lnk
[2011/05/06 16:33:15 | 000,000,998 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.6.lnk
[2011/05/06 16:33:15 | 000,000,974 | ---- | M] () -- C:\Users\Robert\Desktop\FrostWire 4.21.6.lnk
[2011/05/04 20:54:46 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/30 11:46:08 | 000,319,517 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
========== Files Created - No Company Name ==========
[2011/05/29 21:21:06 | 000,001,039 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/29 21:21:06 | 000,001,015 | ---- | C] () -- C:\Users\Robert\Desktop\Spybot - Search & Destroy.lnk
[2011/05/26 21:02:24 | 000,045,343 | ---- | C] () -- C:\Users\Robert\Documents\Megamind.XtoDVD
[2011/05/22 21:53:46 | 000,004,943 | ---- | C] () -- C:\ProgramData\pyknfeyt.slj
[2011/05/22 21:51:27 | 000,001,799 | ---- | C] () -- C:\Users\Robert\Desktop\FotoFusion Version 4.lnk
[2011/05/06 16:33:52 | 000,000,790 | ---- | C] () -- C:\Users\Public\Desktop\PC Speed Up.lnk
[2011/05/06 16:33:15 | 000,000,998 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.6.lnk
[2011/05/06 16:33:15 | 000,000,974 | ---- | C] () -- C:\Users\Robert\Desktop\FrostWire 4.21.6.lnk
[2011/05/04 20:54:46 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/04 20:54:46 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/01/21 22:54:32 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/11/12 17:18:33 | 000,071,262 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2010/10/28 22:49:28 | 000,000,004 | ---- | C] () -- C:\Windows\info147.sys
[2010/10/15 22:52:48 | 000,696,320 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2010/10/15 22:52:48 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/11/25 17:13:26 | 000,000,680 | ---- | C] () -- C:\Users\Robert\AppData\Local\d3d9caps.dat
[2009/09/14 21:53:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/14 21:53:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/02/21 22:27:38 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/02/21 22:27:37 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/02/21 22:27:37 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/02/21 22:27:36 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/02/21 22:27:35 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/02/18 13:31:19 | 000,001,044 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\vso_ts_preview.xml
[2009/02/18 13:30:12 | 000,087,608 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\inst.exe
[2009/02/18 13:30:12 | 000,007,887 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\pcouffin.cat
[2009/02/18 13:30:12 | 000,001,144 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\pcouffin.inf
[2009/01/15 12:20:38 | 000,000,000 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\wklnhst.dat
[2008/12/31 23:26:57 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/12/26 19:05:46 | 000,115,200 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/25 10:18:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/31 21:39:55 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008/06/12 19:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/12 19:41:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/06/04 18:54:12 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,310,992 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2000/01/28 01:00:00 | 000,061,440 | ---- | C] () -- C:\Windows\System32\wrkgadm.exe
[2000/01/28 01:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
========== LOP Check ==========
[2010/01/30 21:29:23 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Autodesk
[2010/11/27 12:54:56 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\AVG10
[2011/01/26 20:57:03 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Birdstep Technology
[2009/02/02 17:36:15 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Canneverbe_Limited
[2010/01/30 00:45:15 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\DAEMON Tools Lite
[2009/12/11 19:35:50 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Datel
[2011/05/29 16:24:18 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\FrostWire
[2010/02/28 19:35:39 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\funkitron
[2010/12/01 03:21:00 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\GHISLER
[2010/01/30 00:21:28 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\ImgBurn
[2010/10/15 22:52:08 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\iolo
[2009/01/16 00:43:57 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\LG Electronics
[2009/04/14 21:44:03 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\LimeWire
[2009/01/06 17:44:40 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\muvee Technologies
[2010/10/17 00:45:45 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\My Games
[2011/05/06 16:33:15 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\OpenCandy
[2011/02/02 23:54:43 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Opera
[2009/03/20 22:26:12 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\PlayFirst
[2011/03/07 19:23:02 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\ShopperReports3
[2009/01/15 12:21:00 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Template
[2011/05/29 16:02:28 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\uTorrent
[2011/05/29 17:58:39 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\VSO
[2008/12/25 12:07:19 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\WildTangent
[2011/05/27 01:35:13 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/29 19:29:05 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8E39D930-9D30-483C-A8BF-32D0A667469D}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:D3A8AA31
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:61A065F2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:206E2596
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:0CE7F3C9
< End of report >
Second window
OTL Extras logfile created on: 29/05/2011 22:21:39 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Robert\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
2.93 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 37.60% Memory free
6.09 Gb Paging File | 3.84 Gb Available in Paging File | 63.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.69 Gb Total Space | 82.16 Gb Free Space | 58.82% Space Free | Partition Type: NTFS
Drive D: | 9.36 Gb Total Space | 1.67 Gb Free Space | 17.90% Space Free | Partition Type: NTFS
Drive F: | 25.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: KAREN | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{306E27E8-B815-416A-AC2A-C7AF9E60C894}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6F120660-C9E1-4F0A-865A-F8485CA0090A}" = rport=138 | protocol=17 | dir=out | app=system |
"{81E400A5-9CB8-49E3-B7A0-D51BA770ABE1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{98C71C32-D51F-4D47-800B-1E4E977E2991}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9BF8EB97-2EEC-4D4D-8218-0F7943159E29}" = lport=139 | protocol=6 | dir=in | app=system |
"{B20C3755-CF35-41F0-A3A7-E564BE4FB46A}" = lport=137 | protocol=17 | dir=in | app=system |
"{BD2BCB9D-7DA9-42F2-848A-0662F3487398}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{BD9A1185-8133-4476-943F-82760EA26608}" = rport=139 | protocol=6 | dir=out | app=system |
"{D0F39D83-6525-4EA3-A111-237D43BAE9A0}" = lport=445 | protocol=6 | dir=in | app=system |
"{D6C03D95-A497-47D8-B31F-DDC7B34EF21B}" = rport=445 | protocol=6 | dir=out | app=system |
"{E69A8B7D-4EC3-4AD1-82D9-64514434FC6C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EBEE95AA-D57B-4884-8585-FFC923979A77}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{EF498D84-6C9D-4526-BE36-28747CA2F445}" = lport=138 | protocol=17 | dir=in | app=system |
"{F2F7DB99-264E-47C5-AC0B-546B1F9D7377}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DE74565-168B-4C9A-9BE2-FF0632788705}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{1DF6C0BD-5FDD-413B-83E8-53D8391D079A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{295C0D79-A85C-4729-A28C-649ECFE6D9EE}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{2A1A26BC-27F3-45D2-B5E7-24984FE62AEA}" = protocol=58 | dir=in | [email protected],-28545 |
"{2EB49906-BB4C-4A48-B773-52CA056AE893}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{384539A8-CC86-4B1D-B1E7-86611AD45968}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{3C8BB206-A801-4D20-9DD2-17110700A4BB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4650BBCB-E0DC-475D-8974-8614F5478110}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{54E96A9F-BEE7-4321-AA6F-DED5784BE44F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{556F1D42-BC25-4A94-9806-8DCB6CD6DB2B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{56FE63C0-17E1-43AE-B70A-C29C6F278CFD}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{59190D44-013C-445C-A5FF-35413655653A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5A2A2E87-F0BA-43FC-AB8A-FAED747652EC}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{5D3C8BB8-302F-4C48-AC26-1189B85DA68F}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{5E9992C8-0E91-4ABC-8E61-94F91A0A5425}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{656F1FD8-4B8B-4E78-B2F6-2C440BB107A4}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{6B8C902A-7B84-4A93-BBD9-51C8B4E42886}" = protocol=1 | dir=out | [email protected],-28544 |
"{6CEED97B-5795-47F3-8669-B8EF019EC918}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{6E7672F1-1095-4CF7-B6CC-7E080B79BEB6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6F9466CE-80AB-44F3-93D5-B1B4F4417BAB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{82963F32-F354-4F18-8163-485006FA60BA}" = protocol=58 | dir=out | [email protected],-28546 |
"{8673333D-AE31-44D7-A1CE-45DE4E4A3338}" = protocol=1 | dir=in | [email protected],-28543 |
"{8A09419F-7799-4499-B9FD-D85E078C393C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{8AFF948B-0FD3-472C-8FE6-63DA4076B68A}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{9A55CE8D-1839-4EA5-86E5-49EC9F22D42B}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{9A721D79-5369-42F0-A397-58071C79F966}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9CF8D578-E11D-4B43-AFD3-A8BEA2450411}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A0A17ED1-96DD-4161-B049-52312525883C}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{A2D53F8C-F97A-456F-9170-C40A549B8F7C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{A47C38C4-7F30-4BF4-95F1-93E4546871B1}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B961ED62-5CB9-4AAB-A085-4FDD8E7B62BE}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{CA94C26A-E476-4A05-AF1D-65178E3C1C66}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{D504B048-768F-4475-AD10-103ADF0220FD}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{D9C22CDF-6293-4F70-B6DD-98177C24D483}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{E13B0A43-5859-4893-9207-5D2059B9C713}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F335FF38-4D24-4598-A46E-C1EAA2980C77}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{F53E7E5C-361C-437A-BB27-EF9FC22AAAE2}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{F9D3082C-4DA8-4A80-AE9E-A3B5EA8FE58F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FD3E9B20-F7A7-461D-A881-E3304B5B30C7}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{FF9AFC6E-A992-4127-B378-FB8077123CF9}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{165DCF8F-A465-471C-BC77-E30CA4109D77}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |
"TCP Query User{35884FC6-BD38-4801-8F17-F95258E74B76}C:\users\robert\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{D121A3AB-8897-4D0E-BD72-5F8E0E50BE01}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{F2A512CA-183A-4F13-9432-9EB1F5012DE7}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{40E80DE8-6354-4151-BDB8-40F53988C4AE}C:\users\robert\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{5135DF79-77EB-4D1A-BF27-C8D4BDFD3463}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{99CBE936-9AFD-452F-9396-94C23D348FCF}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{EFF45C51-CDAC-4D68-8479-F0E07C4C261F}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series" = Canon iP4600 series Printer Driver
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{230E8DDC-FB78-4F9F-8461-22ED20DBC3BA}" = AVG 2011
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 24
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 F1
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.5.5c
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.4.7.121
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A42F0E9F-22CD-4735-8C42-4A68AEFB714C}" = XBOX 360 Xploder Cheat Saves
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{BABA6734-23CF-42AC-9E4C-EA2C7C80AA4E}" = AVG 2011
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.7.343
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2B31B67-9795-4EF9-9AC6-B683E7B11BE6}_is1" = FotoFusion v4
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Active@ UNDELETE Enterprise (Network Edition) " = Active@ UNDELETE Enterprise (Network Edition)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe® Flash® Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AlaskanStorm" = Deadliest Catch Alaskan Storm
"ArtMoney SE_is1" = ArtMoney SE v7.32.1
"AVG" = AVG 2011
"BFGC" = Big Fish Games Client
"ClickPotatoLiteSA" = ClickPotato
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Defraggler" = Defraggler
"DVD Shrink_is1" = DVD Shrink 3.2
"FrostWire" = FrostWire 4.21.6
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Huawei Modems" = Huawei modem
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.6.2 (Full)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MS Access 97 SP2" = MS Access 97 SP2
"PK-PCSU_is1" = PC Speed Up
"Recuva" = Recuva (remove only)
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VueScan" = VueScan
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/05/2011 10:28:06 | Computer Name = Robbie | Source = WinMgmt | ID = 10
Description =
Error - 16/05/2011 10:26:12 | Computer Name = Robbie | Source = WinMgmt | ID = 10
Description =
Error - 17/05/2011 09:04:16 | Computer Name = Robbie | Source = RasClient | ID = 20227
Description =
Error - 17/05/2011 09:04:23 | Computer Name = Robbie | Source = RasClient | ID = 20227
Description =
Error - 18/05/2011 11:03:18 | Computer Name = Robbie | Source = Application Hang | ID = 1002
Description = The program WilogApp.exe version 2.7.2.89 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 17e8 Start Time: 01cc146eb2b7a680 Termination Time: 10
Error - 22/05/2011 16:04:43 | Computer Name = Robbie | Source = WinMgmt | ID = 10
Description =
Error - 26/05/2011 12:00:51 | Computer Name = Robbie | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: c08 Start Time: 01cc18bb4b495eed Termination Time: 0
Error - 26/05/2011 12:07:07 | Computer Name = Robbie | Source = WinMgmt | ID = 10
Description =
Error - 26/05/2011 13:21:21 | Computer Name = Karen | Source = WinMgmt | ID = 10
Description =
Error - 27/05/2011 04:32:18 | Computer Name = Karen | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 26/05/2011 12:00:29 | Computer Name = Robbie | Source = Service Control Manager | ID = 7011
Description =
Error - 26/05/2011 12:05:49 | Computer Name = Robbie | Source = EventLog | ID = 6008
Description = The previous system shutdown at 17:03:18 on 26/05/2011 was unexpected.
Error - 26/05/2011 12:07:09 | Computer Name = Robbie | Source = Service Control Manager | ID = 7000
Description =
Error - 26/05/2011 13:21:22 | Computer Name = Karen | Source = Service Control Manager | ID = 7000
Description =
Error - 26/05/2011 13:21:22 | Computer Name = Karen | Source = Service Control Manager | ID = 7026
Description =
Error - 27/05/2011 04:32:20 | Computer Name = Karen | Source = Service Control Manager | ID = 7000
Description =
Error - 27/05/2011 04:32:20 | Computer Name = Karen | Source = Service Control Manager | ID = 7026
Description =
Error - 29/05/2011 15:22:12 | Computer Name = Karen | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.
Error - 29/05/2011 16:13:30 | Computer Name = Karen | Source = DCOM | ID = 10016
Description =
Error - 29/05/2011 16:13:30 | Computer Name = Karen | Source = DCOM | ID = 10016
Description =
< End of report >
Any help is greatly appreciated