I can't remove a Trojan Gen. 2 [Solved]



#1
hile

Please, help. I have a Windows 7, otherwise I know nothing of computers.


#2
WhiteHat

Hello and welcome to GeeksToGo :)

My nickname is WhiteHat and I'm going to help you fix your problem.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • Do not put your logs inside <Quote> and/or <Code> *important*
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • Lastly, please be aware that removing malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.

In order to be notified when your topic has been replied to:

Click My Settings at the top of the page. An Option page will open. In the left hand column click Notification Options. On the new page that opens under the Notification Preferences section click Watch every topic I reply to and set the notification type to Immediate Notification.

#3
WhiteHat

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • In Extra Registry, select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    msconfig
    drives
    %SYSTEMDRIVE%\*.*
    %systemdrive%\drivers\*.exe
    %systemroot%\system32\drivers\*.* /90
    %PROGRAMFILES%\*.*
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

NEXT:

Download aswMBR.exe ( 4.8mb ) to your desktop.

Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post it in your next reply.


#4
hile

OTL logfile created on: 1.12.2012 21:46:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hilkka\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040B | Country: Finland | Language: FIN | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 37,85% Memory free
3,99 Gb Paging File | 1,13 Gb Available in Paging File | 28,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 211,43 Gb Total Space | 150,00 Gb Free Space | 70,95% Space Free | Partition Type: NTFS
Drive D: | 21,16 Gb Total Space | 3,08 Gb Free Space | 14,56% Space Free | Partition Type: NTFS
Drive E: | 99,18 Mb Total Space | 89,04 Mb Free Space | 89,78% Space Free | Partition Type: FAT32

Computer Name: HPMINI | User Name: Hilkka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.01 21:44:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hilkka\Downloads\OTL.exe
PRC - [2012.11.27 17:56:13 | 003,640,480 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Registry Mechanic\RegMech.exe
PRC - [2012.10.06 17:01:48 | 003,084,176 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.21 14:43:58 | 000,794,272 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012.08.21 14:43:58 | 000,105,120 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2012.08.20 19:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.08.10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Hilkka\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.28 15:51:44 | 000,007,680 | ---- | M] (winreview.ru) -- C:\Program Files\Winreview.ru\Personalization Panel DWM Controller\persdwmsrv.exe
PRC - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.17 17:01:02 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 17:01:02 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.09 15:39:48 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010.11.09 15:39:46 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010.11.09 15:39:44 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010.11.09 15:39:44 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010.11.09 15:39:42 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010.11.09 15:39:38 | 000,159,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\DWHWizrd.exe
PRC - [2010.08.24 02:06:58 | 000,584,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010.08.24 02:06:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010.08.06 04:50:56 | 000,210,488 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
PRC - [2010.08.03 02:32:34 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010.08.03 02:32:32 | 000,245,842 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2010.08.03 02:32:28 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
PRC - [2010.07.21 23:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
PRC - [2010.06.18 00:07:32 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
PRC - [2010.06.08 19:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.06.08 19:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


========== Modules (No Company Name) ==========

MOD - [2012.11.28 05:43:17 | 000,460,904 | ---- | M] () -- C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
MOD - [2012.11.28 05:43:16 | 012,456,040 | ---- | M] () -- C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
MOD - [2012.11.28 05:43:15 | 004,008,040 | ---- | M] () -- C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
MOD - [2012.11.28 05:42:30 | 000,587,880 | ---- | M] () -- C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\23.0.1271.95\libglesv2.dll
MOD - [2012.11.28 05:42:29 | 000,124,520 | ---- | M] () -- C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\23.0.1271.95\libegl.dll
MOD - [2012.11.28 05:42:22 | 000,157,304 | ---- | M] () -- C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\23.0.1271.95\avutil-51.dll
MOD - [2012.11.28 05:42:21 | 002,168,952 | ---- | M] () -- C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll
MOD - [2012.11.28 05:42:21 | 000,275,576 | ---- | M] () -- C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\23.0.1271.95\avformat-54.dll
MOD - [2012.11.16 03:41:14 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll
MOD - [2012.11.16 03:39:06 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.08.31 12:59:23 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.08.21 14:44:04 | 000,717,472 | ---- | M] () -- C:\Program Files\PC Tools Registry Mechanic\RMEngine.dll
MOD - [2012.08.21 14:44:00 | 000,098,464 | ---- | M] () -- C:\Program Files\PC Tools Registry Mechanic\FileLoggerDLL.dll
MOD - [2012.08.21 14:43:58 | 000,117,920 | ---- | M] () -- C:\Program Files\PC Tools Registry Mechanic\configurationmanager.dll
MOD - [2012.04.24 00:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012.03.22 00:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012.02.11 01:31:42 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2012.01.04 12:42:39 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.12.25 22:42:15 | 005,255,168 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.05 03:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010.11.05 03:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010.11.05 03:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012.11.04 00:48:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.06 17:01:48 | 003,084,176 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.21 14:43:58 | 000,794,272 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2012.08.10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012.07.03 11:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.28 15:51:44 | 000,007,680 | ---- | M] (winreview.ru) [Auto | Running] -- C:\Program Files\Winreview.ru\Personalization Panel DWM Controller\persdwmsrv.exe -- (persdwmsrv)
SRV - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010.11.09 15:39:48 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010.11.09 15:39:48 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010.11.09 15:39:44 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010.11.09 15:39:44 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010.11.09 15:39:42 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010.08.24 02:06:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.08.06 04:50:56 | 000,210,488 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010.08.03 02:32:32 | 000,245,842 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010.08.03 02:32:28 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
SRV - [2010.07.21 23:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010.06.08 19:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.02.17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | Disabled | Running] -- C:\PROGRA~1\FILSEC~1\Twister\filppd.sys -- (filppd)
DRV - File not found [Kernel | Disabled | Running] -- C:\PROGRA~1\FILSEC~1\Twister\filmfd.sys -- (filmfd)
DRV - File not found [Kernel | Disabled | Running] -- C:\PROGRA~1\FILSEC~1\Twister\fildds.sys -- (fildds)
DRV - File not found [Kernel | Disabled | Running] -- C:\PROGRA~1\FILSEC~1\Twister\x86\ffsmon.sys -- (ffsmon)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.09.17 11:28:56 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121130.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.09.17 11:28:56 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121130.020\NAVENG.SYS -- (NAVENG)
DRV - [2012.08.09 10:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.08.09 10:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.04.30 17:45:28 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011.12.16 20:17:21 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.05.19 13:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.09 15:39:50 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010.11.09 15:39:50 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010.11.09 15:39:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010.11.09 15:39:36 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010.08.03 02:32:34 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.11.11 22:09:22 | 000,018,136 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dvmio.sys -- (DVMIO)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008.07.24 13:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPMTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPMTDF
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\SearchScopes,DefaultScope = {A80A8FEF-AE11-4269-98FE-F80BD7B4A47A}
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\SearchScopes\{A80A8FEF-AE11-4269-98FE-F80BD7B4A47A}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\SearchScopes\{DF7A7A83-AB17-419D-A0C4-67CA3F49D6FC}: "URL" = http://websearch.ask...D5-1D72DB63A548
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = about:blank

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "https://moodle.helsinki.fi/my/"
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2786678&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hilkka\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hilkka\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2011.11.22 17:17:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.04 00:48:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2012.07.13 15:46:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.24 12:24:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.04 00:48:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.07.13 15:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilkka\AppData\Roaming\mozilla\Extensions
[2012.07.13 15:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilkka\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2012.11.13 20:20:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilkka\AppData\Roaming\mozilla\Firefox\Profiles\1isdl4ir.default\extensions
[2012.09.09 16:02:18 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Hilkka\AppData\Roaming\mozilla\Firefox\Profiles\1isdl4ir.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012.11.13 20:20:54 | 000,000,000 | ---D | M] (Bcool) -- C:\Users\Hilkka\AppData\Roaming\mozilla\Firefox\Profiles\1isdl4ir.default\extensions\[email protected]
[2012.08.10 17:46:04 | 000,000,000 | ---D | M] (CodecC) -- C:\Users\Hilkka\AppData\Roaming\mozilla\Firefox\Profiles\1isdl4ir.default\extensions\[email protected]
[2012.07.13 15:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilkka\AppData\Roaming\mozilla\Sunbird\Profiles\1umhuynu.default\extensions
[2012.01.03 14:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Hilkka\AppData\Roaming\mozilla\firefox\profiles\1isdl4ir.default\searchplugins\askcom.xml
[2012.11.04 00:48:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.04 00:48:32 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.04 00:48:26 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: https://encrypted.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: https://encrypted.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Hilkka\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-haku = C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google-kalenteri = C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Google Calendar (by Google) = C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich\1.3.1_0\
CHR - Extension: CodecC = C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpilclpacieflhmobalmaccogiioldoo\1.0_0\
CHR - Extension: Bcool = C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpcppblempophghmmokblamdheldkkc\7.1_0\
CHR - Extension: Gmail = C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Bcool Class) - {042B251A-C325-4408-EAB3-DF9136B68D82} - C:\ProgramData\Bcool\509fac2733af0.ocx ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (CodecC Class) - {EF50BB17-6566-44C5-B872-88B928AE1383} - C:\ProgramData\CodecC\bhoclass.dll (Injector)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000..\Run: [Syncables] C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Hilkka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hilkka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Hilkka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Cake%20Mania%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Jojo's%20Fashion%20Show/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BC8009A-8F69-48A7-A139-0BA08E20E51A}: DhcpNameServer = 192.168.136.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42B1DCF8-624D-440C-9326-34519D2100EA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ac17726-2ecf-11e1-b62b-2c27d701df43}\Shell - "" = AutoRun
O33 - MountPoints2\{1ac17726-2ecf-11e1-b62b-2c27d701df43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1ac1772b-2ecf-11e1-b62b-2c27d701df43}\Shell - "" = AutoRun
O33 - MountPoints2\{1ac1772b-2ecf-11e1-b62b-2c27d701df43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{60ccdf77-2aaf-11e1-b6c5-2c27d701df43}\Shell - "" = AutoRun
O33 - MountPoints2\{60ccdf77-2aaf-11e1-b6c5-2c27d701df43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{60ccdf7c-2aaf-11e1-b6c5-2c27d701df43}\Shell - "" = AutoRun
O33 - MountPoints2\{60ccdf7c-2aaf-11e1-b6c5-2c27d701df43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{af896153-1094-11e2-acfb-2c27d701df43}\Shell - "" = AutoRun
O33 - MountPoints2\{af896153-1094-11e2-acfb-2c27d701df43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ce35c1ea-0220-11e1-9922-2c27d701df43}\Shell - "" = AutoRun
O33 - MountPoints2\{ce35c1ea-0220-11e1-9922-2c27d701df43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ce35c1f2-0220-11e1-9922-2c27d701df43}\Shell - "" = AutoRun
O33 - MountPoints2\{ce35c1f2-0220-11e1-9922-2c27d701df43}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.11.30 21:59:45 | 000,000,000 | ---D | C] -- C:\Users\Hilkka\Desktop\RK_Quarantine
[2012.11.30 21:22:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.11.28 21:07:14 | 000,257,928 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012.11.28 20:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.11.28 19:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012.11.28 19:57:07 | 000,000,000 | ---D | C] -- C:\Users\Hilkka\Documents\Anti-Malware
[2012.11.27 18:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\Filseclab
[2012.11.26 17:21:13 | 000,000,000 | ---D | C] -- C:\Users\Hilkka\AppData\Roaming\Malwarebytes
[2012.11.26 17:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.26 17:20:55 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.26 17:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.26 17:18:42 | 010,669,896 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Hilkka\Desktop\mbam-setup.exe
[2012.11.26 17:16:13 | 001,754,528 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Hilkka\Desktop\rkill.com
[2012.11.25 11:53:36 | 000,000,000 | ---D | C] -- C:\Users\Hilkka\AppData\Roaming\SPE
[2012.11.22 19:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012.11.22 19:02:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.22 18:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012.11.18 20:45:20 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2012.11.18 20:45:20 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2012.11.18 20:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Registry Mechanic
[2012.11.18 20:45:19 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2012.11.18 20:45:19 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2012.11.18 20:45:18 | 000,513,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2012.11.18 20:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012.11.18 20:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Registry Mechanic
[2012.11.15 15:46:56 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.11.15 15:46:53 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.11.15 15:44:29 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.11.15 15:44:20 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.11.15 15:44:17 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.11.15 15:41:34 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.15 15:41:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.15 15:41:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.15 15:41:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.15 15:41:21 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.15 15:41:13 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.15 15:41:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.15 15:40:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.15 15:34:10 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.11.15 15:34:08 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012.11.15 15:34:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012.11.15 15:33:26 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.15 15:33:21 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.15 15:33:00 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012.11.15 15:33:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012.11.11 15:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bcool
[2012.11.11 15:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Bcool
[2012.11.04 00:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2 C:\Users\Hilkka\Desktop\*.tmp files -> C:\Users\Hilkka\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.01 21:23:22 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1032965959-4215194031-2116070490-1000UA.job
[2012.12.01 19:47:01 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012.12.01 19:05:25 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.01 19:05:25 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.01 18:43:30 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.01 18:43:30 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.01 18:34:54 | 000,131,072 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.12.01 18:34:52 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2012.12.01 18:33:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.01 18:32:53 | 1601,069,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.30 21:27:38 | 338,791,328 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.30 21:23:17 | 000,000,970 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1032965959-4215194031-2116070490-1000Core.job
[2012.11.28 21:07:14 | 000,257,928 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012.11.28 21:07:14 | 000,000,036 | ---- | M] () -- C:\Users\Hilkka\AppData\Local\housecall.guid.cache
[2012.11.28 20:07:17 | 000,001,037 | ---- | M] () -- C:\Users\Hilkka\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012.11.28 20:07:16 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.11.26 17:21:04 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.26 17:19:45 | 010,669,896 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Hilkka\Desktop\mbam-setup.exe
[2012.11.26 17:16:22 | 001,754,528 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Hilkka\Desktop\rkill.com
[2012.11.25 12:16:50 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHilkka.job
[2012.11.22 19:07:32 | 000,002,103 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012.11.16 03:37:21 | 000,436,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.04 22:41:01 | 002,674,711 | ---- | M] () -- C:\Users\Hilkka\Desktop\2012-02-12 19.57.50.jpg
[2012.11.04 14:49:09 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHPMINI$.job
[2 C:\Users\Hilkka\Desktop\*.tmp files -> C:\Users\Hilkka\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.30 21:22:05 | 338,791,328 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.11.28 21:07:14 | 000,000,036 | ---- | C] () -- C:\Users\Hilkka\AppData\Local\housecall.guid.cache
[2012.11.28 20:07:17 | 000,001,037 | ---- | C] () -- C:\Users\Hilkka\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012.11.28 20:07:16 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.11.26 17:21:03 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.22 19:24:54 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForHilkka.job
[2012.11.22 19:07:32 | 000,002,103 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012.11.19 20:53:07 | 000,000,274 | ---- | C] () -- C:\Windows\tasks\RMAutoUpdate.job
[2012.11.18 20:46:02 | 000,000,274 | ---- | C] () -- C:\Windows\tasks\RMSchedule.job
[2012.11.18 20:45:19 | 000,038,560 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2012.11.15 15:47:24 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.15 15:44:15 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.08.13 20:54:21 | 000,000,035 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011.10.30 15:16:05 | 000,070,667 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2011.08.09 14:23:24 | 000,000,128 | ---- | C] () -- C:\Users\Hilkka\AppData\Local\mv_Photo.xml
[2011.08.09 14:23:24 | 000,000,119 | ---- | C] () -- C:\Users\Hilkka\AppData\Local\mv_music.xml
[2011.04.02 19:28:59 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.04.02 19:23:43 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011.04.02 19:22:47 | 000,000,292 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini
[2011.04.02 19:22:47 | 000,000,233 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST9250410AS
Partitions: 4
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 199,00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 211,00GB
Starting Offset: 209715200
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 21,00GB
Starting Offset: 227226419200
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 103,00MB
Starting Offset: 249950109696
Hidden sectors: 0


< %SYSTEMDRIVE%\*.* >
[2012.11.30 22:10:16 | 000,016,709 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.07.14 03:38:58 | 000,383,562 | R-S- | M] () -- C:\bootmgr
[2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012.12.01 18:32:53 | 1601,069,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.01 20:00:04 | 2150,490,112 | -HS- | M] () -- C:\pagefile.sys
[2012.02.16 17:37:48 | 000,000,510 | ---- | M] () -- C:\settings.ini
[2010.06.29 15:03:42 | 000,013,312 | ---- | M] () -- C:\Thumbs.db

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >
[2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012.10.03 18:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpip.sys
[2012.10.03 17:21:38 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpipreg.sys
[2012.11.28 21:07:14 | 000,257,928 | ---- | M] (Trend Micro Inc.) -- C:\Windows\system32\drivers\tmcomm.sys

< %PROGRAMFILES%\*.* >
[2009.07.14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.11.04 00:48:25 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.11.04 00:48:25 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.11.04 00:48:25 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012.11.04 00:48:31 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012.11.04 00:48:31 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012.11.04 00:48:31 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012.11.28 05:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012.11.28 05:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012.11.28 05:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\chrome.exe" [2012.11.28 05:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011.08.21 17:16:53 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011.08.21 17:16:53 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011.08.21 17:16:53 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012.10.08 10:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012.10.08 10:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.11.04 00:48:25 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.11.04 00:48:25 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.11.04 00:48:25 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012.11.04 00:48:31 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012.11.04 00:48:31 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012.11.04 00:48:31 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012.11.28 05:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012.11.28 05:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012.11.28 05:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\chrome.exe" [2012.11.28 05:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011.08.21 17:16:53 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011.08.21 17:16:53 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011.08.21 17:16:53 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012.10.08 10:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012.10.08 10:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)

========== Files - Unicode (All) ==========
[2012.11.26 22:02:55 | 000,015,878 | ---- | M] ()(C:\Users\Hilkka\Desktop\???????.docx) -- C:\Users\Hilkka\Desktop\Тулоста.docx
[2012.11.26 19:11:31 | 000,015,878 | ---- | C] ()(C:\Users\Hilkka\Desktop\???????.docx) -- C:\Users\Hilkka\Desktop\Тулоста.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:517FAB99
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:3D2DDD84
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:3C6E4889
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:BAC2F271
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:52A63A46
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:290A724C
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D19F6C18
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:D94162E1
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:82111599
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:7D371AB2
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:554C6431
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:E70CF2C0
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

#5
hile

hile

    Member

  • Topic Starter
  • Member
  • 38 posts
OTL Extras logfile created on: 1.12.2012 21:46:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hilkka\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040B | Country: Finland | Language: FIN | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 37,85% Memory free
3,99 Gb Paging File | 1,13 Gb Available in Paging File | 28,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 211,43 Gb Total Space | 150,00 Gb Free Space | 70,95% Space Free | Partition Type: NTFS
Drive D: | 21,16 Gb Total Space | 3,08 Gb Free Space | 14,56% Space Free | Partition Type: NTFS
Drive E: | 99,18 Mb Total Space | 89,04 Mb Free Space | 89,78% Space Free | Partition Type: FAT32

Computer Name: HPMINI | User Name: Hilkka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{62A7C589-E3C8-4E6C-803A-86FF70DAD80B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D0C66654-0CA4-4AAF-830E-7243D218CF9E}" = lport=8182 | protocol=6 | dir=in | name=java™ platform se binary |
"{F68646C7-255D-4F47-9611-BCE91BE6BA97}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F6EC3CA7-E66E-4B06-94A0-FCE79BD3DD38}" = lport=5353 | protocol=17 | dir=in | name=java™ platform se binary |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{097C1F64-BFA2-43F3-AE17-11991E7E5A5F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{0E495BA1-95C9-4BB0-9307-4B29C7E8F5D8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{12BA07B9-6137-46DF-B955-65848824EDD1}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"{282B3410-6949-4C18-AF66-3661CFAAE59F}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{315FD113-1FD2-4FBC-A61B-BF86D45E75DB}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{372F95A9-3AE7-4E29-8BC4-98C4C23A1A11}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{38B07B7B-F3B0-4AC2-9F1C-2DCB78053F11}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{74311B46-02CC-4460-B38A-BA4AADCD1D35}" = protocol=17 | dir=in | app=c:\users\hilkka\appdata\roaming\dropbox\bin\dropbox.exe |
"{7D6276C4-890E-4713-8244-F9178AA7DD27}" = protocol=6 | dir=in | app=c:\users\hilkka\appdata\roaming\dropbox\bin\dropbox.exe |
"{81364EF0-F112-4DDC-8952-4B0D585223C6}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{84CB4CA9-C999-44C1-96AE-97599A4D8E8E}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{87EDBF1C-38BF-4917-BB85-48E5436FBD95}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{904EAD07-4FE3-4F88-8384-6BDF8B0C9C05}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{95E77A9D-B814-418D-97C8-105D92640634}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9A740BF4-0444-415E-B3A8-97DE63B7F966}" = dir=in | app=c:\program files\hewlett-packard\hp clouddrive\zumodrive.exe |
"{AD84FD5C-4E59-4080-AA99-D88EBB95739E}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{C0BBDC06-0CAC-4142-B9BC-1C0B75FFC9CB}" = protocol=17 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{C18B087D-6D3E-4503-B7B4-7739E9A7E104}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{DA76D0C5-C60E-40F4-B85B-AEF9A0212586}" = protocol=6 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{EF9313FF-B2C0-4043-AA3F-C10540DB375F}" = protocol=6 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{F0EFC0BA-505C-4BA5-893F-03D2AB05A1FA}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"{F528429F-30BD-45B4-AA8C-5F85958E150A}" = dir=out | app=c:\program files\hewlett-packard\hp clouddrive\zumodrive.exe |
"{F80F9EF7-ABFB-4F14-BBCC-2AEC0226007D}" = protocol=17 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"TCP Query User{0299E7F5-8183-4F1E-81FE-821924584788}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe |
"TCP Query User{0368A732-7C07-4BC3-9FFB-A29D0B247E89}C:\users\hilkka\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\hilkka\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{0CDFC4E7-CADC-41FB-9807-0A5329258081}C:\program files\qbittorrent\qbittorrent.exe" = protocol=6 | dir=in | app=c:\program files\qbittorrent\qbittorrent.exe |
"TCP Query User{8341CA85-7731-4E43-970A-2A6E6DAA5693}C:\program files\qbittorrent\qbittorrent.exe" = protocol=6 | dir=in | app=c:\program files\qbittorrent\qbittorrent.exe |
"UDP Query User{1110F668-F095-440E-8ABF-657AA28980AB}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe |
"UDP Query User{5A868649-F6E1-4A69-BB46-366D718C7EBC}C:\program files\qbittorrent\qbittorrent.exe" = protocol=17 | dir=in | app=c:\program files\qbittorrent\qbittorrent.exe |
"UDP Query User{A4867891-DDFA-4385-A358-EAB9D840731A}C:\users\hilkka\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\hilkka\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{E94D858E-DDA7-474D-BC99-F32A06E086C7}C:\program files\qbittorrent\qbittorrent.exe" = protocol=17 | dir=in | app=c:\program files\qbittorrent\qbittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{1588DD21-B959-4674-9CF0-4D13B7D75020}" = Alcor Micro USB Card Reader
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1C71DC57-1388-4C1C-AB2F-2B9C0EF83409}" = Windows Live UX Platform Language Pack
"{1E87F5D4-3502-4F8E-86A5-61DE5AAD1060}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20E7BC40-33F6-4A81-9D52-B58349326206}" = Bcool
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = CodecC
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{626B5918-B395-4B69-A06B-14C3EB1C3942}" = HP Quick Launch
"{6707309D-7FBC-43C9-926F-A66C69054768}" = OpenOffice.org 3.3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{75F2F2E9-E30A-462C-8304-5BB7F0D6AEC5}" = HP Documentation
"{77D3B2EB-8A7E-4E5C-9BC7-6BC2CD6B6B37}" = Personalization Panel DWM Controller
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B50678F-3A52-4426-804C-AAA9A731E655}" = HP Software Framework
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = Mobiililaajakaista
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1035-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Suomi
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BC9E0CF3-8C89-419F-AE7F-8EFF09EB6D66}" = Venäläinen asettelu suomalaiselle näppäimistölle
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E9618EB0-D09E-496B-A425-689271F5571B}" = Windows Live UX Platform Language Pack
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F4EE283A-4851-43D4-887C-1932D55DE740}" = Windows Live UX Platform Language Pack
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"FeedReader_is1" = FeedReader
"HDMI" = Intel® Graphics Media Accelerator Driver
"Huawei Modems" = Huawei modem
"InstallShield_{1588DD21-B959-4674-9CF0-4D13B7D75020}" = Alcor Micro USB Card Reader
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"iWinArcade" = iWin Games (remove only)
"Jewel Quest II" = Jewel Quest II (remove only)
"Jewel Quest: Heritage" = Jewel Quest: Heritage (remove only)
"Jojos Fashion Show" = Jojos Fashion Show (remove only)
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"Personalization Panel" = Personalization Panel
"qbittorrent" = qBittorrent 3.0.4
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"VLC media player" = VLC media player 1.1.11
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087374" = Jewel Quest - Heritage
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087408" = Skip-Bo - Castaway Caper
"WT087409" = Tradewinds Legends
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087467" = Dream Chronicles
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087495" = Mahjongg Artifacts
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1032965959-4215194031-2116070490-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4.8.2012 2:10:17 | Computer Name = HPmini | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4.8.2012 2:10:17 | Computer Name = HPmini | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 30364097

Error - 4.8.2012 2:10:17 | Computer Name = HPmini | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 30364097

Error - 4.8.2012 2:10:19 | Computer Name = HPmini | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4.8.2012 2:10:19 | Computer Name = HPmini | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 30365969

Error - 4.8.2012 2:10:19 | Computer Name = HPmini | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 30365969

Error - 4.8.2012 2:10:21 | Computer Name = HPmini | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4.8.2012 2:10:21 | Computer Name = HPmini | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 30368199

Error - 4.8.2012 2:10:21 | Computer Name = HPmini | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 30368199

Error - 4.8.2012 2:10:24 | Computer Name = HPmini | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 20.0.1132.57, time
stamp: 0x4ffb8830 Faulting module name: chrome.dll, version: 20.0.1132.57, time
stamp: 0x4ffb87b1 Exception code: 0x80000003 Fault offset: 0x005477e0 Faulting process
id: 0x123c Faulting application start time: 0x01cd6fd16755e533 Faulting application
path: C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
module path: C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\20.0.1132.57\chrome.dll
Report
Id: 134fed28-ddfb-11e1-9938-2c27d701df43

[ Hewlett-Packard Events ]
Error - 9.11.2012 10:35:14 | Computer Name = HPmini | Source = HPSF.exe | ID = 4000
Description =

Error - 9.11.2012 10:35:22 | Computer Name = HPmini | Source = HPSF.exe | ID = 4000
Description =

Error - 9.11.2012 10:35:42 | Computer Name = HPmini | Source = HPSF.exe | ID = 4000
Description =

Error - 9.11.2012 10:36:41 | Computer Name = HPmini | Source = HPSF.exe | ID = 4000
Description =

Error - 9.11.2012 10:36:49 | Computer Name = HPmini | Source = HPSF.exe | ID = 4000
Description =

Error - 9.11.2012 10:39:22 | Computer Name = HPmini | Source = HPSF.exe | ID = 4000
Description =

Error - 21.11.2012 7:11:38 | Computer Name = HPmini | Source = hpsa_service.exe | ID = 2000
Description =

Error - 21.11.2012 7:12:31 | Computer Name = HPmini | Source = HPSF.exe | ID = 4000
Description =

Error - 21.11.2012 7:12:31 | Computer Name = HPmini | Source = HPSF.exe | ID = 4000
Description =

Error - 21.11.2012 7:12:31 | Computer Name = HPmini | Source = HPSF.exe | ID = 4000
Description =

[ HP Wireless Assistant Events ]
Error - 4.6.2012 9:25:58 | Computer Name = HPmini | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Unexpected error at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio)

at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 5.6.2012 15:21:37 | Computer Name = HPmini | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Unexpected error at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)

at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1 radios)
at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 18.7.2012 12:51:29 | Computer Name = HPmini | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Unexpected error at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio)

at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 2.8.2012 14:53:36 | Computer Name = HPmini | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Unexpected error at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)

at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1 radios)
at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 22.8.2012 9:20:04 | Computer Name = HPmini | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 29.8.2012 1:57:10 | Computer Name = HPmini | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 11.9.2012 2:45:01 | Computer Name = HPmini | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 3.10.2012 8:23:48 | Computer Name = HPmini | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Unexpected error at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio)

at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 7.10.2012 4:14:46 | Computer Name = HPmini | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 30.11.2012 15:37:04 | Computer Name = HPmini | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ System Events ]
Error - 29.3.2012 10:31:57 | Computer Name = HPmini | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Symantec AntiVirus service.

Error - 29.3.2012 22:36:45 | Computer Name = HPmini | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 30.3.2012 2:24:45 | Computer Name = HPmini | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 30.3.2012 8:52:19 | Computer Name = HPmini | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WinDefend service.

Error - 31.3.2012 5:33:21 | Computer Name = HPmini | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the TabletInputService service.

Error - 31.3.2012 11:54:28 | Computer Name = HPmini | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 31.3.2012 12:56:08 | Computer Name = HPmini | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 31.3.2012 22:44:40 | Computer Name = HPmini | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 31.3.2012 23:41:50 | Computer Name = HPmini | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 1.4.2012 0:44:28 | Computer Name = HPmini | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.


< End of report >

#6
hile

  • Topic Starter
  • Member
  • 38 posts
Hi!

Thank you so much. My computer is super slow, sorry.

#7
hile

  • Topic Starter
  • Member
  • 38 posts
OTL Extras logfile created on: 1.12.2012 21:46:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hilkka\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040B | Country: Finland | Language: FIN | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 37,85% Memory free
3,99 Gb Paging File | 1,13 Gb Available in Paging File | 28,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 211,43 Gb Total Space | 150,00 Gb Free Space | 70,95% Space Free | Partition Type: NTFS
Drive D: | 21,16 Gb Total Space | 3,08 Gb Free Space | 14,56% Space Free | Partition Type: NTFS
Drive E: | 99,18 Mb Total Space | 89,04 Mb Free Space | 89,78% Space Free | Partition Type: FAT32

Computer Name: HPMINI | User Name: Hilkka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{62A7C589-E3C8-4E6C-803A-86FF70DAD80B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D0C66654-0CA4-4AAF-830E-7243D218CF9E}" = lport=8182 | protocol=6 | dir=in | name=java™ platform se binary |
"{F68646C7-255D-4F47-9611-BCE91BE6BA97}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F6EC3CA7-E66E-4B06-94A0-FCE79BD3DD38}" = lport=5353 | protocol=17 | dir=in | name=java™ platform se binary |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{097C1F64-BFA2-43F3-AE17-11991E7E5A5F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{0E495BA1-95C9-4BB0-9307-4B29C7E8F5D8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{12BA07B9-6137-46DF-B955-65848824EDD1}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"{282B3410-6949-4C18-AF66-3661CFAAE59F}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{315FD113-1FD2-4FBC-A61B-BF86D45E75DB}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{372F95A9-3AE7-4E29-8BC4-98C4C23A1A11}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{38B07B7B-F3B0-4AC2-9F1C-2DCB78053F11}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{74311B46-02CC-4460-B38A-BA4AADCD1D35}" = protocol=17 | dir=in | app=c:\users\hilkka\appdata\roaming\dropbox\bin\dropbox.exe |
"{7D6276C4-890E-4713-8244-F9178AA7DD27}" = protocol=6 | dir=in | app=c:\users\hilkka\appdata\roaming\dropbox\bin\dropbox.exe |
"{81364EF0-F112-4DDC-8952-4B0D585223C6}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{84CB4CA9-C999-44C1-96AE-97599A4D8E8E}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{87EDBF1C-38BF-4917-BB85-48E5436FBD95}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{904EAD07-4FE3-4F88-8384-6BDF8B0C9C05}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{95E77A9D-B814-418D-97C8-105D92640634}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9A740BF4-0444-415E-B3A8-97DE63B7F966}" = dir=in | app=c:\program files\hewlett-packard\hp clouddrive\zumodrive.exe |
"{AD84FD5C-4E59-4080-AA99-D88EBB95739E}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{C0BBDC06-0CAC-4142-B9BC-1C0B75FFC9CB}" = protocol=17 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{C18B087D-6D3E-4503-B7B4-7739E9A7E104}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{DA76D0C5-C60E-40F4-B85B-AEF9A0212586}" = protocol=6 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{EF9313FF-B2C0-4043-AA3F-C10540DB375F}" = protocol=6 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{F0EFC0BA-505C-4BA5-893F-03D2AB05A1FA}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"{F528429F-30BD-45B4-AA8C-5F85958E150A}" = dir=out | app=c:\program files\hewlett-packard\hp clouddrive\zumodrive.exe |
"{F80F9EF7-ABFB-4F14-BBCC-2AEC0226007D}" = protocol=17 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"TCP Query User{0299E7F5-8183-4F1E-81FE-821924584788}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe |
"TCP Query User{0368A732-7C07-4BC3-9FFB-A29D0B247E89}C:\users\hilkka\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\hilkka\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{0CDFC4E7-CADC-41FB-9807-0A5329258081}C:\program files\qbittorrent\qbittorrent.exe" = protocol=6 | dir=in | app=c:\program files\qbittorrent\qbittorrent.exe |
"TCP Query User{8341CA85-7731-4E43-970A-2A6E6DAA5693}C:\program files\qbittorrent\qbittorrent.exe" = protocol=6 | dir=in | app=c:\program files\qbittorrent\qbittorrent.exe |
"UDP Query User{1110F668-F095-440E-8ABF-657AA28980AB}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe |
"UDP Query User{5A868649-F6E1-4A69-BB46-366D718C7EBC}C:\program files\qbittorrent\qbittorrent.exe" = protocol=17 | dir=in | app=c:\program files\qbittorrent\qbittorrent.exe |
"UDP Query User{A4867891-DDFA-4385-A358-EAB9D840731A}C:\users\hilkka\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\hilkka\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{E94D858E-DDA7-474D-BC99-F32A06E086C7}C:\program files\qbittorrent\qbittorrent.exe" = protocol=17 | dir=in | app=c:\program files\qbittorrent\qbittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{1588DD21-B959-4674-9CF0-4D13B7D75020}" = Alcor Micro USB Card Reader
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1C71DC57-1388-4C1C-AB2F-2B9C0EF83409}" = Windows Live UX Platform Language Pack
"{1E87F5D4-3502-4F8E-86A5-61DE5AAD1060}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20E7BC40-33F6-4A81-9D52-B58349326206}" = Bcool
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = CodecC
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{626B5918-B395-4B69-A06B-14C3EB1C3942}" = HP Quick Launch
"{6707309D-7FBC-43C9-926F-A66C69054768}" = OpenOffice.org 3.3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{75F2F2E9-E30A-462C-8304-5BB7F0D6AEC5}" = HP Documentation
"{77D3B2EB-8A7E-4E5C-9BC7-6BC2CD6B6B37}" = Personalization Panel DWM Controller
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B50678F-3A52-4426-804C-AAA9A731E655}" = HP Software Framework
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = Mobiililaajakaista
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1035-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Suomi
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BC9E0CF3-8C89-419F-AE7F-8EFF09EB6D66}" = Venäläinen asettelu suomalaiselle näppäimistölle
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E9618EB0-D09E-496B-A425-689271F5571B}" = Windows Live UX Platform Language Pack
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F4EE283A-4851-43D4-887C-1932D55DE740}" = Windows Live UX Platform Language Pack
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"FeedReader_is1" = FeedReader
"HDMI" = Intel® Graphics Media Accelerator Driver
"Huawei Modems" = Huawei modem
"InstallShield_{1588DD21-B959-4674-9CF0-4D13B7D75020}" = Alcor Micro USB Card Reader
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"iWinArcade" = iWin Games (remove only)
"Jewel Quest II" = Jewel Quest II (remove only)
"Jewel Quest: Heritage" = Jewel Quest: Heritage (remove only)
"Jojos Fashion Show" = Jojos Fashion Show (remove only)
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"Personalization Panel" = Personalization Panel
"qbittorrent" = qBittorrent 3.0.4
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"VLC media player" = VLC media player 1.1.11
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087374" = Jewel Quest - Heritage
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087408" = Skip-Bo - Castaway Caper
"WT087409" = Tradewinds Legends
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087467" = Dream Chronicles
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087495" = Mahjongg Artifacts
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1032965959-4215194031-2116070490-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4.8.2012 2:10:17 | Computer Name = HPmini | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4.8.2012 2:10:17 | Computer Name = HPmini | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 30364097

Error - 4.8.2012 2:10:17 | Computer Name = HPmini | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 30364097

Error - 4.8.2012 2:10:19 | Computer Name = HPmini | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4.8.2012 2:10:19 | Computer Name = HPmini | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 30365969

Error - 4.8.2012 2:10:19 | Computer Name = HPmini | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 30365969

Error - 4.8.2012 2:10:21 | Computer Name = HPmini | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4.8.2012 2:10:21 | Computer Name = HPmini | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 30368199

Error - 4.8.2012 2:10:21 | Computer Name = HPmini | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 30368199

Error - 4.8.2012 2:10:24 | Computer Name = HPmini | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 20.0.1132.57, time
stamp: 0x4ffb8830 Faulting module name: chrome.dll, version: 20.0.1132.57, time
stamp: 0x4ffb87b1 Exception code: 0x80000003 Fault offset: 0x005477e0 Faulting process
id: 0x123c Faulting application start time: 0x01cd6fd16755e533 Faulting application
path: C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
module path: C:\Users\Hilkka\AppData\Local\Google\Chrome\Application\20.0.1132.57\chrome.dll
Report
Id: 134fed28-ddfb-11e1-9938-2c27d701df43

[ Hewlett-Packard Events ]
Error - 9.11.2012 10:35:14 | Computer Name = HPmini | Source = HPSF.exe | ID = 4000
Description =

Error - 9.11.2012 10:35:22 | Computer Name = HPmini | Source = HPSF.exe | ID = 4000
Description =

Error - 9.11.2012 10:35:42 | Computer Name = HPmini | Source = HPSF.exe | ID = 4000
Description =

Error - 9.11.2012 10:36:41 | Computer Name = HPmini | Source = HPSF.exe | ID = 4000
Description =

Error - 9.11.2012 10:36:49 | Computer Name = HPmini | Source = HPSF.exe | ID = 4000
Description =

Error - 9.11.2012 10:39:22 | Computer Name = HPmini | Source = HPSF.exe | ID = 4000
Description =

Error - 21.11.2012 7:11:38 | Computer Name = HPmini | Source = hpsa_service.exe | ID = 2000
Description =

Error - 21.11.2012 7:12:31 | Computer Name = HPmini | Source = HPSF.exe | ID = 4000
Description =

Error - 21.11.2012 7:12:31 | Computer Name = HPmini | Source = HPSF.exe | ID = 4000
Description =

Error - 21.11.2012 7:12:31 | Computer Name = HPmini | Source = HPSF.exe | ID = 4000
Description =

[ HP Wireless Assistant Events ]
Error - 4.6.2012 9:25:58 | Computer Name = HPmini | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Unexpected error at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio)

at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 5.6.2012 15:21:37 | Computer Name = HPmini | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Unexpected error at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)

at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1 radios)
at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 18.7.2012 12:51:29 | Computer Name = HPmini | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Unexpected error at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio)

at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 2.8.2012 14:53:36 | Computer Name = HPmini | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Unexpected error at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)

at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1 radios)
at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 22.8.2012 9:20:04 | Computer Name = HPmini | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 29.8.2012 1:57:10 | Computer Name = HPmini | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 11.9.2012 2:45:01 | Computer Name = HPmini | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 3.10.2012 8:23:48 | Computer Name = HPmini | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Unexpected error at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio)

at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 7.10.2012 4:14:46 | Computer Name = HPmini | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 30.11.2012 15:37:04 | Computer Name = HPmini | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ System Events ]
Error - 29.3.2012 10:31:57 | Computer Name = HPmini | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Symantec AntiVirus service.

Error - 29.3.2012 22:36:45 | Computer Name = HPmini | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 30.3.2012 2:24:45 | Computer Name = HPmini | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 30.3.2012 8:52:19 | Computer Name = HPmini | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WinDefend service.

Error - 31.3.2012 5:33:21 | Computer Name = HPmini | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the TabletInputService service.

Error - 31.3.2012 11:54:28 | Computer Name = HPmini | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 31.3.2012 12:56:08 | Computer Name = HPmini | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 31.3.2012 22:44:40 | Computer Name = HPmini | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 31.3.2012 23:41:50 | Computer Name = HPmini | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 1.4.2012 0:44:28 | Computer Name = HPmini | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.


< End of report >

#8
hile

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-01 22:32:01
-----------------------------
22:32:01.837 OS Version: Windows 6.1.7601 Service Pack 1
22:32:01.837 Number of processors: 2 586 0x1C0A
22:32:02.041 ComputerName: HPMINI UserName: Hilkka
22:32:16.364 Initialize success
22:32:57.437 The log file has been saved successfully to "C:\Users\Hilkka\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-01 22:32:01
-----------------------------
22:32:01.837 OS Version: Windows 6.1.7601 Service Pack 1
22:32:01.837 Number of processors: 2 586 0x1C0A
22:32:02.041 ComputerName: HPMINI UserName: Hilkka
22:32:16.364 Initialize success
22:32:57.437 The log file has been saved successfully to "C:\Users\Hilkka\Desktop\aswMBR.txt"
22:59:57.110 AVAST engine defs: 12120100
23:00:01.355 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:00:01.365 Disk 0 Vendor: ST925041 0006 Size: 238475MB BusType: 3
23:00:01.382 Disk 0 MBR read successfully
23:00:01.395 Disk 0 MBR scan
23:00:02.138 Disk 0 Windows 7 default MBR code
23:00:02.184 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
23:00:02.285 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 216500 MB offset 409600
23:00:02.396 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 21671 MB offset 443801600
23:00:02.519 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
23:00:02.598 Disk 0 scanning sectors +488395120
23:00:02.775 Disk 0 scanning C:\Windows\system32\drivers
23:00:58.489 Service scanning
23:02:42.085 Modules scanning
23:03:04.367 Disk 0 trace - called modules:
23:03:04.399 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
23:03:04.401 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861eb3c8]
23:03:04.404 3 CLASSPNP.SYS[885b559e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84364028]
23:03:07.838 AVAST engine scan C:\Windows
23:03:24.121 AVAST engine scan C:\Windows\system32
23:16:42.723 AVAST engine scan C:\Windows\system32\drivers
23:17:40.829 AVAST engine scan C:\Users\Hilkka
23:23:48.949 File: C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\Local State **SUSPICIOUS**
23:58:10.912 AVAST engine scan C:\ProgramData
23:58:24.506 File: C:\ProgramData\CodecC\bhoclass.dll **INFECTED** Win32:Adware-gen [Adw]
00:37:41.079 Disk 0 MBR has been saved successfully to "C:\Users\Hilkka\Desktop\MBR.dat"
00:37:41.174 The log file has been saved successfully to "C:\Users\Hilkka\Desktop\aswMBR.txt"

#9
hile

The scanning stopped completely at some point, so I just saved what there was at that point... Ahhh my computer is so slow

#10
hile

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-02 11:32:29
-----------------------------
11:32:29.163 OS Version: Windows 6.1.7601 Service Pack 1
11:32:29.163 Number of processors: 2 586 0x1C0A
11:32:29.194 ComputerName: HPMINI UserName: Hilkka
11:34:52.133 Initialize success
11:35:43.723 The log file has been saved successfully to "C:\Users\Hilkka\Downloads\aswMBR.txt"
11:35:45.735 AVAST engine defs: 12120100
11:35:54.362 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:35:54.378 Disk 0 Vendor: ST925041 0006 Size: 238475MB BusType: 3
11:35:54.424 Disk 0 MBR read successfully
11:35:54.424 Disk 0 MBR scan
11:35:54.487 Disk 0 Windows 7 default MBR code
11:35:54.518 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
11:35:54.596 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 216500 MB offset 409600
11:35:54.752 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 21671 MB offset 443801600
11:35:54.830 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
11:35:54.877 Disk 0 scanning sectors +488395120
11:35:55.080 Disk 0 scanning C:\Windows\system32\drivers
11:37:37.548 Service scanning
11:40:25.379 Modules scanning
11:41:14.574 Disk 0 trace - called modules:
11:41:14.587 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
11:41:14.590 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861e7a38]
11:41:14.593 3 CLASSPNP.SYS[885ae59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8471d028]
11:41:29.404 AVAST engine scan C:\Windows
11:42:30.684 AVAST engine scan C:\Windows\system32
12:00:36.447 AVAST engine scan C:\Windows\system32\drivers
12:01:25.976 AVAST engine scan C:\Users\Hilkka
12:18:16.251 AVAST engine scan C:\ProgramData
12:18:24.905 File: C:\ProgramData\CodecC\bhoclass.dll **INFECTED** Win32:Adware-gen [Adw]
12:47:19.897 Scan finished successfully
13:19:30.974 Disk 0 MBR has been saved successfully to "C:\Users\Hilkka\Desktop\MBR.dat"
13:19:31.039 The log file has been saved successfully to "C:\Users\Hilkka\Desktop\aswMBR.txt"

#11
hile

Now I finished the scan! What's next?

#12
WhiteHat

Hi,

> Now I finished the scan! What's next?

Sorry for the delay; yesterday it was really complicated for me to reply to your topic. I hope you understand.

Let's go:

Please go to Start > Control Panel and click on Add or Remove Programs. Then remove the programs below:
  • Bcool
  • CodecC

NEXT:

Please reopen OTL [icon image] on your desktop.
  • Under the [image] box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
    IE - HKU\S-1-5-21-1032965959-4215194031-2116070490-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q="
    [2012.11.13 20:20:54 | 000,000,000 | ---D | M] (Bcool) -- C:\Users\Hilkka\AppData\Roaming\mozilla\Firefox\Profiles\1isdl4ir.default\extensions\[email protected]
    [2012.09.09 16:02:18 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Hilkka\AppData\Roaming\mozilla\Firefox\Profiles\1isdl4ir.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2012.08.10 17:46:04 | 000,000,000 | ---D | M] (CodecC) -- C:\Users\Hilkka\AppData\Roaming\mozilla\Firefox\Profiles\1isdl4ir.default\extensions\[email protected]
    CHR - Extension: CodecC = C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpilclpacieflhmobalmaccogiioldoo\1.0_0\
    CHR - Extension: Bcool = C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpcppblempophghmmokblamdheldkkc\7.1_0\
    O2 - BHO: (Bcool Class) - {042B251A-C325-4408-EAB3-DF9136B68D82} - C:\ProgramData\Bcool\509fac2733af0.ocx ()
    O2 - BHO: (CodecC Class) - {EF50BB17-6566-44C5-B872-88B928AE1383} - C:\ProgramData\CodecC\bhoclass.dll (Injector)
    
    :Files
    C:\ProgramData\Bcool\
    C:\ProgramData\CodecC\
    
    :Commands
    [CREATERESTOREPOINT]
    [EMPTYTEMP]
    
  • Then click the [image] button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


#13
hile

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-1032965959-4215194031-2116070490-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: "http://search.condui...d=CT2786678&q=" removed from keyword.URL
C:\Users\Hilkka\AppData\Roaming\mozilla\Firefox\Profiles\1isdl4ir.default\extensions\[email protected]\content folder moved successfully.
C:\Users\Hilkka\AppData\Roaming\mozilla\Firefox\Profiles\1isdl4ir.default\extensions\[email protected] folder moved successfully.
C:\Users\Hilkka\AppData\Roaming\mozilla\Firefox\Profiles\1isdl4ir.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Users\Hilkka\AppData\Roaming\mozilla\Firefox\Profiles\1isdl4ir.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\Plugins folder moved successfully.
C:\Users\Hilkka\AppData\Roaming\mozilla\Firefox\Profiles\1isdl4ir.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.
C:\Users\Hilkka\AppData\Roaming\mozilla\Firefox\Profiles\1isdl4ir.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Users\Hilkka\AppData\Roaming\mozilla\Firefox\Profiles\1isdl4ir.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Users\Hilkka\AppData\Roaming\mozilla\Firefox\Profiles\1isdl4ir.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Users\Hilkka\AppData\Roaming\mozilla\Firefox\Profiles\1isdl4ir.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Users\Hilkka\AppData\Roaming\mozilla\Firefox\Profiles\1isdl4ir.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
C:\Users\Hilkka\AppData\Roaming\mozilla\Firefox\Profiles\1isdl4ir.default\extensions\[email protected]\content folder moved successfully.
C:\Users\Hilkka\AppData\Roaming\mozilla\Firefox\Profiles\1isdl4ir.default\extensions\[email protected] folder moved successfully.
C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpilclpacieflhmobalmaccogiioldoo\1.0_0 folder moved successfully.
C:\Users\Hilkka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpcppblempophghmmokblamdheldkkc\7.1_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{042B251A-C325-4408-EAB3-DF9136B68D82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{042B251A-C325-4408-EAB3-DF9136B68D82}\ not found.
C:\ProgramData\Bcool\509fac2733af0.ocx moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF50BB17-6566-44C5-B872-88B928AE1383}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF50BB17-6566-44C5-B872-88B928AE1383}\ deleted successfully.
File C:\ProgramData\CodecC\bhoclass.dll not found.
========== FILES ==========
C:\ProgramData\Bcool\data folder moved successfully.
C:\ProgramData\Bcool folder moved successfully.
C:\ProgramData\CodecC\data folder moved successfully.
C:\ProgramData\CodecC folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hilkka
->Temp folder emptied: 1911106611 bytes
->Temporary Internet Files folder emptied: 11987199 bytes
->Java cache emptied: 33810 bytes
->FireFox cache emptied: 66878948 bytes
->Google Chrome cache emptied: 72380900 bytes
->Flash cache emptied: 12690 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 263630099 bytes
RecycleBin emptied: 9724960 bytes

Total Files Cleaned = 2 228,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12032012_183749

Files\Folders moved on Reboot...
File\Folder C:\Users\Hilkka\AppData\Local\Temp\OICE_F3ABF9C8-F965-4BB2-BC17-C537E6BC3CE7.0\56B75879. not found!
File\Folder C:\Users\Hilkka\AppData\Local\Temp\OICE_D195CF35-2AF6-4105-A180-3FC5BE2F89CD.0\11C843FE. not found!
File\Folder C:\Users\Hilkka\AppData\Local\Temp\OICE_B9104D55-C421-4756-9CDF-CBE4C176EF17.0\6CA62590. not found!
File\Folder C:\Users\Hilkka\AppData\Local\Temp\OICE_83A5BEAA-7028-4C95-B254-EC760ADA43D6.0\DED1C0DD. not found!
File\Folder C:\Users\Hilkka\AppData\Local\Temp\OICE_81BBA8A1-E071-4190-B05B-AF7765320C30.0\9A35094C. not found!
File\Folder C:\Users\Hilkka\AppData\Local\Temp\OICE_78B2619A-FEB1-45CB-B0A1-CB471B0D8CB3.0\8202E721. not found!
File\Folder C:\Users\Hilkka\AppData\Local\Temp\OICE_7676D357-3254-4A86-905E-111DEEF8D88E.0\E52B1A49. not found!
File\Folder C:\Users\Hilkka\AppData\Local\Temp\OICE_57E7CBEF-F2D2-40ED-BE8E-24B3C6EA1817.0\71A1EEB7. not found!
C:\Windows\temp\TMP0000004E443F7D11434AFA75 moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#14
hile

I think we are in different continents :) Anyway, please, help me move on when you have time. Or am I a hopeless case? Sometimes I feel so...

#15
WhiteHat

> I think we are in different continents

I'm from Brazil. :happy:

Again, sorry for the delay. I'm having exams at college and it's really hard for me to get time to access Geeks To Go.

How is your computer?

  • Run OTL.exe. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window containing OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic
