GeekU Junior (Aura), on 14 Jan 2015 - 02:16 AM, said:
You have a lot of "dangerous" software installed. I refer to dangerous software that can harm your system due to the way they work or how they affect/modify it. Plus, I see that they are throwing a lot of errors in your Event Viewer. Therefore, I will ask you to uninstall the following software:
Uninstall Acrobat.com - Useless;
Uninstall Adobe AIR - Outdated. Security risk;
Uninstall Adobe Flash Player 15 ActiveX - Outdated. Security risk;
Uninstall Adobe Shockwave Player 11.5 - Outdated. Security risk;
Uninstall Ashampoo WinOptimizer 10 v.10.10 - Dangerous software, useless and not needed;
Uninstall Ashampoo WinOptimizer 11 - Dangerous software, useless and not needed;
Uninstall FLV Player 2.0 (build 25) - You have VLC media player, I don't know why FLV Player 2.0 would be needed;
Uninstall WinRAR 4.20 (32-bits) - Outdated.
Uninstall YouTube Downloader Toolbar v4.6 - Adware;
Disregard the instructions above, I'm leaving them here for a later purpose.
I see that you have a malicious program installed on your system, YouTube Download Toolbar v4.6, by Spigot. Seeing the programs you currently have installed, I wouldn't be surprised if you have more infections hidden on your system. Therefore, before assisting you with your issue, I'll ask you to get checked up by one of our Malware Removal Helpers in the Virus, Spyware, Malware Removal section. All you have to do is to follow the instructions listed in this thread in order to start the assistance procedure. Once the helper has declared you clean, if the issues are still present, you are free to come back here so I may assist you.
Aura had me do a MiniToolBox scan from BleepingComputer.com -
I'll be using my PC normally, browsing or e-mailing when suddenly the comp just freezes, blacks out and then restarts ... got me quite baffled
This happens maybe twice or thrice a day, quite randomly, and sometimes at the most inappropriate times, like halfway through writing an e-mail or replying to a forum post - even when I'm just reading or checking something .............
Ricky
*****
OTL logfile created on: 14/01/2015 3:19:36 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
2.00 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.65% Memory free
4.00 Gb Paging File | 1.93 Gb Available in Paging File | 48.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 694.76 Gb Free Space | 74.58% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2015/01/14 02:28:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2014/12/04 02:05:25 | 000,110,160 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2014/11/22 09:48:26 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
PRC - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/08/22 12:41:00 | 000,974,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/06/16 08:19:54 | 000,223,624 | ---- | M] () -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe
PRC - [2014/06/16 08:19:52 | 003,516,808 | ---- | M] (Ashampoo Development GmbH & Co. KG) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner2.exe
PRC - [2014/01/09 09:26:32 | 000,367,016 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
PRC - [2014/01/09 09:26:32 | 000,264,616 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
PRC - [2013/07/15 12:39:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcCMService.exe
PRC - [2012/11/23 10:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/05 20:40:33 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/08/04 01:51:38 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/08/04 01:51:12 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2008/02/13 13:52:10 | 004,915,200 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
========== Modules (No Company Name) ==========
MOD - [2014/01/09 09:26:32 | 000,268,712 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImLookExU.dll
MOD - [2014/01/09 09:26:32 | 000,133,544 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImComUtlU.dll
MOD - [2014/01/09 09:26:32 | 000,080,296 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImAppRU.dll
MOD - [2014/01/09 09:26:32 | 000,072,104 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\wlessfp1.dll
MOD - [2014/01/09 09:26:32 | 000,033,128 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\IMHttpComm.dll
MOD - [2012/11/18 17:29:24 | 000,108,448 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\PMC.dll
MOD - [2009/05/11 16:24:06 | 000,168,960 | ---- | M] () -- C:\Program Files\MpcStar\Codecs\ratDVD\TRLDRP6.ax
MOD - [2009/03/04 18:38:38 | 002,625,536 | ---- | M] () -- C:\Program Files\MpcStar\Codecs\ffdshow\ffdshow.ax
MOD - [2007/12/21 18:01:46 | 000,139,264 | ---- | M] () -- C:\Windows\System32\RTCOM\RTLCPAPI.dll
========== Services (SafeList) ==========
SRV - [2014/12/10 23:24:17 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/22 09:55:14 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/06/16 08:19:54 | 000,223,624 | ---- | M] () [Auto | Running] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe -- (WO_LiveService2)
SRV - [2013/07/15 12:39:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2013/05/27 12:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/06 08:47:34 | 000,885,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe -- (WO_LiveService)
SRV - [2012/11/05 20:40:33 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2011/09/01 09:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/07/16 02:58:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/12/28 16:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/08/04 01:51:12 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2007/11/26 13:54:12 | 001,554,728 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
========== Driver Services (SafeList) ==========
DRV - File not found [File_System | Auto | Stopped] -- C:\Program Files\Ashampoo\Ashampoo UnInstaller 5\IFS32.sys -- (UI5IFS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - [2015/01/13 13:50:20 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{154459AD-EC37-4512-A923-F7EAEB8005EB}\MpKsl5e8e884c.sys -- (MpKsl5e8e884c)
DRV - [2014/07/17 18:05:08 | 000,095,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2014/03/20 03:51:44 | 000,014,088 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner32.sys -- (LiveTuner2PM)
DRV - [2013/10/02 08:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/07/15 12:38:46 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2013/07/15 12:38:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2012/11/05 20:40:33 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/08/23 22:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2011/11/28 14:51:44 | 000,032,896 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV - [2011/03/08 05:01:06 | 000,012,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor32.sys -- (LiveTunerPM)
DRV - [2010/08/04 02:21:44 | 006,096,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/08/04 01:15:30 | 000,214,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/02/03 17:34:04 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/02/01 12:11:31 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/08/19 09:58:10 | 000,347,904 | ---- | M] (Compro Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\u2800vid.sys -- (U2800Vid)
DRV - [2009/07/14 06:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/11/26 13:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/11/26 13:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/11/26 13:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/06/25 04:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/03/23 18:29:32 | 000,060,768 | ---- | M] (2Wire, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\2WirePCP.sys -- (2WIREPCP)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Owner\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...te={installDate}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...te={installDate}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...te={installDate}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...te={installDate}
IE - HKCU\..\SearchScopes,DefaultScope = {B157E6A5-6063-4608-85AB-AA683985F058}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...archTerms}=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{B157E6A5-6063-4608-85AB-AA683985F058}: "URL" = https://www.google.c...?q={searchTerms}
IE - HKCU\..\SearchScopes\{E57E714C-9C9F-4C35-A2A9-78E24DF5945C}: "URL" = https://au.search.ya...&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Maps4PC_0c.com/Plugin: C:\Program Files\Maps4PC_0c\bar\1.bin\NP0cStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\0cffxtbr@Maps4PC_0c.com: C:\Program Files\Maps4PC_0c\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Babylon\Babylon-Pro\Utils\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AmiExt\flashEnhancer\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/02/11 10:06:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/02/11 10:06:00 | 000,000,000 | ---D | M]
[2014/12/02 22:04:27 | 000,003,116 | ---- | M] () -- \searchplugins\bing.xml
[2010/02/01 19:30:48 | 000,002,038 | ---- | M] () -- \searchplugins\MyStart Search.xml
File not found (No name found) -- C:\PROGRAM FILES\AMIEXT\FLASHENHANCER\FF
========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Flash Saving = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlbemabjbfhjcccahjioenmkgimjbbkd\242\
CHR - Extension: Motive Extension = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.1_0\
CHR - Extension: Hola Better Internet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.4.431_0\
CHR - Extension: Shopping Helper = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlcphjankhppgohedpkjonpadimhaoof\1.1_0\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkgheilfbfelchagijdhnkimfpjgeep\2.0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: RoboForm = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.9.2_0\
O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Ashampoo WinOptimizer Live-Tuner2] C:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner2.exe (Ashampoo Development GmbH & Co. KG)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [telstra_McciTrayApp] C:\Program Files\telstra\Toolkit\pcTrayApp.exe (Alcatel-Lucent)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Customize Menu - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
O8 - Extra context menu item: Fill Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8 - Extra context menu item: Save Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: hola.org ([]http in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{246842DE-797F-4BF9-9856-10622A84D292}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF11A9A5-305F-4BAA-B81A-A5817B67F463}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (dfboottime \??\C:\Windows\System32\dfboottime.cfg)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2015/01/14 02:28:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2015/01/14 01:54:04 | 000,401,920 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\MiniToolBox.exe
[2015/01/10 21:14:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2015/01/10 00:27:50 | 000,000,000 | ---D | C] -- C:\Windows\en
[2015/01/10 00:21:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2015/01/10 00:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft OneDrive
[2015/01/10 00:16:38 | 000,000,000 | R--D | C] -- C:\Users\Owner\OneDrive
[2014/12/28 03:09:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Kromtech
[2014/12/28 03:09:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Zeoinsight
[2014/12/28 03:09:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ZBAnalyticsCore
[2014/12/28 03:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kromtech
[2014/12/19 13:26:44 | 005,317,104 | ---- | C] (Piriform Ltd) -- C:\Users\Owner\Desktop\ccsetup501.exe
[2014/10/20 15:09:09 | 016,254,368 | ---- | C] (Siber Systems) -- C:\Users\Owner\RoboForm-Setup-cnetc (2).exe
[2014/09/05 17:53:33 | 016,335,416 | ---- | C] (Siber Systems) -- C:\Users\Owner\RoboForm-Setup-cnetc.exe
[2010/03/14 09:57:48 | 002,942,176 | ---- | C] (Siber Systems) -- C:\Users\Owner\AiRoboForm-cnetc.exe
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2015/01/14 03:11:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/14 02:28:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2015/01/14 02:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/14 01:54:10 | 000,401,920 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\MiniToolBox.exe
[2015/01/13 16:04:58 | 000,018,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/13 16:04:58 | 000,018,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/13 16:01:37 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/13 15:57:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/12 05:50:53 | 005,471,529 | ---- | M] () -- C:\Users\Owner\NASASpacescapes.themepack
[2015/01/12 05:39:52 | 011,278,409 | ---- | M] () -- C:\Users\Owner\Reflections.themepack
[2015/01/12 05:37:56 | 015,166,732 | ---- | M] () -- C:\Users\Owner\PanoramicAnimals (1).deskthemepack
[2015/01/12 05:36:56 | 015,166,732 | ---- | M] () -- C:\Users\Owner\PanoramicAnimals.deskthemepack
[2015/01/12 05:35:28 | 014,095,110 | ---- | M] () -- C:\Users\Owner\ButterfliesMayurKotlikar.themepack
[2015/01/12 05:34:01 | 015,166,726 | ---- | M] () -- C:\Users\Owner\IndianWildlifeMayurKotlikar.themepack
[2015/01/12 05:32:27 | 012,097,477 | ---- | M] () -- C:\Users\Owner\AfricanWildlife.themepack
[2015/01/12 05:29:45 | 005,410,226 | ---- | M] () -- C:\Users\Owner\EscapeHuynhNhuNguyenMinhTruc.themepack
[2015/01/03 10:03:52 | 000,001,241 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 15.lnk
[2014/12/29 19:50:06 | 000,001,340 | ---- | M] () -- C:\Users\Owner\Documents\cc_20141229_194957.reg
[2014/12/21 01:07:36 | 009,236,757 | ---- | M] () -- C:\Users\Owner\RavensAndCrows.themepack
[2014/12/19 13:27:40 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/12/19 13:27:17 | 005,317,104 | ---- | M] (Piriform Ltd) -- C:\Users\Owner\Desktop\ccsetup501.exe
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2015/01/12 05:50:47 | 005,471,529 | ---- | C] () -- C:\Users\Owner\NASASpacescapes.themepack
[2015/01/12 05:39:42 | 011,278,409 | ---- | C] () -- C:\Users\Owner\Reflections.themepack
[2015/01/12 05:37:35 | 015,166,732 | ---- | C] () -- C:\Users\Owner\PanoramicAnimals (1).deskthemepack
[2015/01/12 05:36:38 | 015,166,732 | ---- | C] () -- C:\Users\Owner\PanoramicAnimals.deskthemepack
[2015/01/12 05:35:15 | 014,095,110 | ---- | C] () -- C:\Users\Owner\ButterfliesMayurKotlikar.themepack
[2015/01/12 05:33:41 | 015,166,726 | ---- | C] () -- C:\Users\Owner\IndianWildlifeMayurKotlikar.themepack
[2015/01/12 05:32:15 | 012,097,477 | ---- | C] () -- C:\Users\Owner\AfricanWildlife.themepack
[2015/01/12 05:29:37 | 005,410,226 | ---- | C] () -- C:\Users\Owner\EscapeHuynhNhuNguyenMinhTruc.themepack
[2015/01/10 00:26:03 | 000,001,221 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2015/01/10 00:16:36 | 000,002,174 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
[2015/01/03 10:03:52 | 000,001,241 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 15.lnk
[2014/12/29 19:49:59 | 000,001,340 | ---- | C] () -- C:\Users\Owner\Documents\cc_20141229_194957.reg
[2014/12/21 01:07:27 | 009,236,757 | ---- | C] () -- C:\Users\Owner\RavensAndCrows.themepack
[2014/12/02 22:03:15 | 000,004,648 | ---- | C] () -- C:\Windows\System32\LavasoftTcpService.ini
[2014/12/02 22:03:15 | 000,002,480 | ---- | C] () -- C:\Windows\System32\LavasoftTcpServiceOff.ini
[2014/11/09 19:24:23 | 000,000,165 | ---- | C] () -- C:\Windows\Reimage.ini
[2014/10/20 18:57:27 | 000,081,408 | ---- | C] () -- C:\Windows\System32\dfboottime.exe
[2014/10/03 15:13:49 | 006,029,312 | ---- | C] () -- C:\Users\Owner\Photobucket.x86.msi
[2014/09/11 19:44:04 | 000,003,584 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/07/14 11:05:34 | 000,001,262 | ---- | C] () -- C:\Users\Owner\Ashampoo® UnInstaller 5.lnk
[2014/02/11 09:56:05 | 000,164,786 | ---- | C] () -- C:\Windows\hpoins13.dat
[2014/02/11 09:56:05 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat
[2014/02/11 09:47:41 | 219,873,664 | ---- | C] () -- C:\Users\Owner\PS_AIO_C4200_NonNet_Full_Win_WW_130_140.exe
[2013/04/01 19:07:05 | 000,026,108 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2011/07/14 09:42:22 | 000,000,104 | ---- | C] () -- C:\Users\Owner\Internet - Shortcut.lnk
========== ZeroAccess Check ==========
[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 09:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/11/01 09:25:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AnvSoft
[2015/01/03 10:16:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ashampoo
[2015/01/10 12:45:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitComet
[2014/02/18 17:21:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2011/07/16 01:01:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CD-LabelPrint
[2013/02/11 20:04:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Easy Thumbnails
[2012/07/09 11:12:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Go PDF Reader
[2011/07/16 01:01:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ImgBurn
[2014/12/02 21:55:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenCandy
[2013/08/03 11:59:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RoboForm
[2013/07/13 11:55:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SumatraPDF
[2014/12/26 07:16:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TigerPlayer
[2015/01/10 21:14:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:BF3D62E7
< End of report >
There is also this "OTL Extras txt"
OTL Extras logfile created on: 14/01/2015 3:19:36 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
2.00 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.65% Memory free
4.00 Gb Paging File | 1.93 Gb Available in Paging File | 48.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 694.76 Gb Free Space | 74.58% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = CHM] -- C:\Program Files\Go PDF Reader\GoPDFReader.exe (Download Manager Ltd.)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032F8443-A3F9-401F-BBAE-338E20F842D5}" = lport=138 | protocol=17 | dir=in | app=system |
"{04B3EB28-11B7-4215-BB5E-D39588C89659}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0F356C19-83A1-419E-A9E4-0517CC6F88F5}" = lport=8744 | protocol=6 | dir=in | name=bitcomet 8744 tcp |
"{187290ED-E10A-4167-BFAF-D734D713388E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2C6936AC-4565-4A67-AA66-5346F7BADA0C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{33D59C28-6226-4071-9E97-0D2633FFB3A6}" = lport=15081 | protocol=6 | dir=in | name=bitcomet 15081 tcp |
"{350B020C-8910-4F57-B51E-2E582F3EB0A1}" = rport=139 | protocol=6 | dir=out | app=system |
"{3897C1BE-1643-4A4F-ACED-B93F77ADA0E6}" = lport=8744 | protocol=17 | dir=in | name=bitcomet 8744 udp |
"{3947569E-68A8-4868-8D4D-B5964C378125}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4538C2A6-D881-47CD-863D-75A5B96F82BA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{45E1AF92-C1A2-4E34-A305-882F1518B390}" = lport=19898 | protocol=17 | dir=in | name=bitcomet 19898 udp |
"{48B3C855-37D0-4836-9B83-261DDA88FBDD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B6380A4-752A-44D3-A1F0-73CE7DC6EF01}" = lport=139 | protocol=6 | dir=in | app=system |
"{50230824-DB16-4B71-A099-6BEB8F2EC5BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{522A0B4B-A323-44FE-84CC-52AF9F591779}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{5BD865F1-0C01-48A3-A9DA-89DE0A038B45}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5FA6DECE-C167-4A53-A0A8-DE68725BCBB2}" = lport=19898 | protocol=6 | dir=in | name=bitcomet 19898 tcp |
"{62073BA1-0C00-4122-9D03-ABF0B54D7A5F}" = lport=15081 | protocol=17 | dir=in | name=bitcomet 15081 udp |
"{63D75030-22BA-4491-99E6-9F79E065111F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{72059D5C-C5BA-4915-98DB-71C9481541D7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8086BBD2-5AF8-408A-8BF9-2EA0BBA6C355}" = rport=138 | protocol=17 | dir=out | app=system |
"{8637308F-40C9-4940-93C7-9FC700B57751}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95EF5F9C-CEE0-45FB-8C75-9BFC2BD42257}" = lport=15081 | protocol=6 | dir=in | name=bitcomet 15081 tcp |
"{9E350EBE-8C71-4260-B465-8AA7B1C1BE54}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A17124E6-E733-4503-A5F3-D4ED57512D39}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ABF1C57A-63CA-4E07-9C94-A5C3758A5F28}" = lport=15081 | protocol=17 | dir=in | name=bitcomet 15081 udp |
"{B5F73457-84E8-4D78-8C8F-8B760D5D33EA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA839CBD-CCA5-4D88-88A5-B37F2A23F7E6}" = rport=445 | protocol=6 | dir=out | app=system |
"{C4910CAD-785A-4ED9-ACD4-E995870D7454}" = lport=445 | protocol=6 | dir=in | app=system |
"{DC828AFD-259E-40D6-AB95-2C12DBB439BD}" = lport=137 | protocol=17 | dir=in | app=system |
"{E3816C70-F398-48BA-815C-371898CB4C22}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E7A0A12C-C6BC-45A3-8E4E-8956061C3832}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F6820251-A8B4-4AF7-BA8A-0183B475E4EC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F96BA2C1-2392-4B13-A70B-F918F25E4C14}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0637203B-E62C-41A2-AA3E-7987EAF80FB6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{0896178B-56A9-4508-A6A6-3D4A5F16A3A9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{0C5A958B-BE6D-4964-982F-AC614A2B8E9A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{0EDB084D-D4E7-4F43-B034-EC86A9CE793B}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{17D1F40E-033E-402B-B3F1-3FC173961749}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{183EF8A5-AE32-4707-8D74-78039396C39C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{29088191-EDB6-4A4C-9FEF-84407AFD63CF}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{33912DE8-4960-4B5F-A617-AF95A2F1B025}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39A39D3E-BB3A-4704-8BC4-9841961AC735}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{3DEBBB95-067F-48C7-8FF4-D022BEA89FDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{40F158CC-0EF8-458B-A35A-0D608D03F2D0}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{4372EBAF-776F-4A75-93C3-02F3EC8D99D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{53E1C420-7FCD-4030-9C7C-B1D02F076A3E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{62929EB5-C1BA-4DF7-B83B-8937E983A7DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{62E2A266-8AC5-4D83-B49F-206890866B30}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{643E3C36-F5CE-443F-B3A4-58117513B92A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6D234E15-8929-40DE-8399-C619C5898E1B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{762F14D4-5324-4549-8326-17DCEE6ED3D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{77A596CD-8690-4CA8-B66C-BF42EB32E05F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{79EC946D-3858-44EE-8C12-DFFAE8FD9804}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{89BB5383-4343-4508-8B93-7370167C9D71}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{8AE2A909-3E45-4EF8-B371-EA64E3E5E841}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{8D41071B-0DDB-44C1-A573-D160729857E1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{90019F24-C9B5-4388-9651-3C5E87EF00A4}" = protocol=6 | dir=out | app=system |
"{933C9B84-A0A4-4675-9B8F-4B9C601989C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9655FCD9-15BF-47EE-BE4A-16FBE795E5EC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{99480236-FD3F-4E9D-83D2-8EDC417EFEDE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9A05E165-EE2F-4FCE-9193-B8617DBB414D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A756FEA1-C7B8-4AFC-885F-F1BE5C75B703}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A770B7CF-51DA-471C-A8A6-4FBB84C7E3BA}" = dir=in | app=c:\users\owner\appdata\local\microsoft\skydrive\skydrive.exe |
"{AD5F7EFD-4D77-4E27-86CD-FCF2BBA11CAA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AE329D1F-A6CB-45A2-8BEB-5A1339A9C6B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF14C0A4-A173-4572-B7A7-ED4EF2447CE3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF3C52FD-F40F-4A86-BDC9-A8EDB38D5E74}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{B53D8490-4C77-456D-9F1D-AD97DD78C729}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{BD3458B6-672C-4002-BB12-FC98D0D78671}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{BFD1A195-22BF-4B0B-B661-E27FD70117B7}" = protocol=17 | dir=in | app=c:\program files\adobe\acrobat 4.0\reader\acrord32.exe |
"{E0A8F54E-508A-469B-BE29-478C15E17A77}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{E15484A7-82CB-4546-B8EF-B75198EA50AE}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{EE573F82-ACA4-43DE-907E-1DC0D4C20E9A}" = protocol=6 | dir=in | app=c:\program files\adobe\acrobat 4.0\reader\acrord32.exe |
"{F84EAB40-F425-4BBB-A7AF-CFE528D1A1F7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{F8A50858-58BE-4223-9968-187E3469AD59}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"TCP Query User{294FD7B7-0BF1-4804-9B8C-44AC4E0A5450}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{38B99604-D6CB-4B7D-99A4-51542332812F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{5ADFBF5B-904C-4D44-BAFD-F1D8CC81C7E1}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{D25C8134-6F41-414D-8BAB-CD7497916758}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0556D590-2A24-4CE5-A64E-46E99F078885}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{137FBEB4-7013-479D-80C2-F46CB1BA5A5F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7304F280-1C2D-4070-851B-815A502D31A9}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{8CA4C3C3-C36E-4A9A-BC14-43C54916470B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}" = Windows Live Writer Resources
"{107F27B7-8EE4-4B3A-9CE5-497B120369DC}" = Microsoft Security Client
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series" = Canon MG2500 series MP Drivers
"{14BC5667-22B0-4DC4-8205-597053BBDDC9}" = HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{1B7D12BE-D1D8-4CCE-A01B-43CAFF8ECA9B}" = C4200
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{27C0CED3-E9FA-4EA0-96AA-FAECE5F81033}" = Nero 7 Essentials
"{286DDBD0-6355-428F-8BD5-822CF08606EC}" = Windows Live MIME IFilter
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{4209F371-88D4-AB00-ED2B-D6520C84D9D5}_is1" = Ashampoo WinOptimizer 10 v.10.1.0
"{4209F371-8D72-8119-66FA-897D2D41E27F}_is1" = Ashampoo WinOptimizer 11
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5F8D5450-5BD8-4B8A-A1DE-8326C0395D5D}" = PS_AIO_Software_min
"{6152DEA9-EA0C-4013-9DBF-4A8881A7F722}" = Windows Live Family Safety
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72A7495B-18CD-4751-AC38-5DBED9C6B1E7}" = YouTube Downloader Toolbar v4.6
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}" = Data Lifeguard Diagnostic for Windows
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{91B33C97-5B38-0A92-D04A-A0F26F3F87D4}_is1" = Ashampoo Burning Studio 15 v.15.0.2
"{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1" = Ashampoo Burning Studio 14
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2DC527D-FA79-46E9-973F-920897CA55E9}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}" = Windows Live Mail
"{BAD984EE-790E-4513-A428-3BE2D426DCA7}" = Windows Live Messenger
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C74DCAC0-DDB3-4135-A70C-0553BF9490BC}" = Windows Live Family Safety
"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DA427272-904E-4EC2-BCC8-07B39B8EFA78}" = PC DVR-4-Net
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
"{E703613B-BDAB-433E-A66A-DE0263E3D35D}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F9C62746-BB57-48B2-853D-38DE983A703C}" = IncrediMail
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AI RoboForm" = RoboForm 7-9-11-5 (All Users)
"Any Video Converter Ultimate_is1" = Any Video Converter Ultimate 4.6.0
"Any Video Converter_is1" = Any Video Converter 5.7.3
"Ashampoo Burning Studio 8_is1" = Ashampoo Burning Studio 8.09
"BitComet" = BitComet 1.35
"Canon MG2500 series On-screen Manual" = Canon MG2500 series On-screen Manual
"Canon My Image Garden" = Canon My Image Garden
"Canon My Image Garden Design Files" = Canon My Image Garden Design Files
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Defraggler" = Defraggler
"E2D312050E630E0CB2650D738A53820EE8BB1A95" = Windows Driver Package - 2Wire (2WIREPCP) Net (03/22/2007 2.0)
"Easy Thumbnails_is1" = Easy Thumbnails (Remove only)
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FLV Player" = FLV Player 2.0 (build 25)
"Google Chrome" = Google Chrome
"GoPDFReader" = Go PDF Reader
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ImgBurn" = ImgBurn
"IncrediMail" = IncrediMail 2.0
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft Security Client" = Microsoft Security Essentials
"MpcStar" = MpcStar 5.3
"Speccy" = Speccy
"SumatraPDF" = SumatraPDF
"telstra" = My Online Toolkit
"VLC media player" = VLC media player
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12/01/2015 2:49:01 PM | Computer Name = Owner-PC | Source = ESENT | ID = 455
Description = taskhost (2912) WebCacheLocal: Error -1811 occurred while opening
logfile C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V0101D91.log.
Error - 12/01/2015 3:14:09 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Nero\Nero
7\InCD\InCDgui.dll".Error in manifest or policy file "C:\Program Files\Nero\Nero
7\InCD\InCDgui.dll" on line 2. Invalid Xml syntax.
Error - 12/01/2015 3:14:09 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Nero\Nero
7\InCD\InCDUP.dll".Error in manifest or policy file "C:\Program Files\Nero\Nero
7\InCD\InCDUP.dll" on line 2. Invalid Xml syntax.
Error - 12/01/2015 3:14:09 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Nero\Nero
7\InCD\InCDshx.dll".Error in manifest or policy file "C:\Program Files\Nero\Nero
7\InCD\InCDshx.dll" on line 2. Invalid Xml syntax.
Error - 12/01/2015 3:14:09 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Nero\Nero
7\InCD\NBHStr.dll".Error in manifest or policy file "C:\Program Files\Nero\Nero
7\InCD\NBHStr.dll" on line 2. Invalid Xml syntax.
Error - 13/01/2015 3:58:56 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =
Error - 13/01/2015 11:54:24 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Nero\Nero
7\InCD\InCDgui.dll".Error in manifest or policy file "C:\Program Files\Nero\Nero
7\InCD\InCDgui.dll" on line 2. Invalid Xml syntax.
Error - 13/01/2015 11:54:24 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Nero\Nero
7\InCD\InCDUP.dll".Error in manifest or policy file "C:\Program Files\Nero\Nero
7\InCD\InCDUP.dll" on line 2. Invalid Xml syntax.
Error - 13/01/2015 11:54:24 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Nero\Nero
7\InCD\InCDshx.dll".Error in manifest or policy file "C:\Program Files\Nero\Nero
7\InCD\InCDshx.dll" on line 2. Invalid Xml syntax.
Error - 13/01/2015 11:54:24 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Nero\Nero
7\InCD\NBHStr.dll".Error in manifest or policy file "C:\Program Files\Nero\Nero
7\InCD\NBHStr.dll" on line 2. Invalid Xml syntax.
[ Media Center Events ]
Error - 2/02/2010 3:57:34 AM | Computer Name = Owner-PC | Source = ehRecvr | ID = 4
Description = Media Center is unable to communicate with the TV tuner . See ErrorCode
0x8007064a for more information.
Error - 2/02/2010 3:57:34 AM | Computer Name = Owner-PC | Source = ehRecvr | ID = 4
Description = Media Center is unable to communicate with the TV tuner . See ErrorCode
0x8007064a for more information.
Error - 2/02/2010 3:57:37 AM | Computer Name = Owner-PC | Source = ehRecvr | ID = 4
Description = Media Center is unable to communicate with the TV tuner PCDVR3101_3104
Tuner. See ErrorCode 0x80004005 for more information.
[ System Events ]
Error - 12/01/2015 2:46:42 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The Ashampoo Uninstaller 5 FileSystemChanges Driver service failed
to start due to the following error: %%3
Error - 12/01/2015 2:47:15 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd
Error - 12/01/2015 10:37:29 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.
Error - 13/01/2015 3:57:00 AM | Computer Name = Owner-PC | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .
Error - 13/01/2015 3:57:09 AM | Computer Name = Owner-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 13/01/2015 3:57:09 AM | Computer Name = Owner-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 13/01/2015 3:57:25 AM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:55:30 PM on 1/13/2015 was unexpected.
Error - 13/01/2015 3:57:14 AM | Computer Name = Owner-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 13/01/2015 3:57:19 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The Ashampoo Uninstaller 5 FileSystemChanges Driver service failed
to start due to the following error: %%3
Error - 13/01/2015 3:57:53 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd
< End of report >
Thank you so much for your time
Ricky
Edited by Ricky_22, 13 January 2015 - 08:48 PM.