You sir, are more than a genius
Here are the OTL logs.
OTL logfile created on: 27/08/2013 19:00:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 75.41% Memory free
6.19 Gb Paging File | 5.57 Gb Available in Paging File | 89.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.17 Gb Total Space | 398.89 Gb Free Space | 68.05% Space Free | Partition Type: NTFS
Computer Name: DAD-PC | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2013/08/26 20:34:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ========== MOD - [2013/04/04 01:09:40 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
========== Services (SafeList) ========== SRV - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/07/25 09:46:14 | 001,435,928 | ---- | M] (Trusteer Ltd.) [Disabled | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/07/21 10:17:42 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Disabled | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/03/22 06:07:18 | 000,093,072 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2013/03/09 00:10:32 | 030,798,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/11/09 12:45:06 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/10 22:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2010/07/09 21:48:10 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/26 20:33:00 | 000,593,920 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\lmabcoms.exe -- (lmab_device)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/08/21 22:08:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/16 15:00:00 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/17 14:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/01/11 14:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)
========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dad\AppData\Local\Temp\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dad\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/08/15 10:19:03 | 000,330,960 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys -- (RapportCerberus_56758)
DRV - [2013/07/25 09:46:26 | 000,148,688 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/07/25 09:46:24 | 000,222,192 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/07/25 09:46:24 | 000,097,008 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/06/28 18:19:20 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/28 18:19:20 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/28 18:19:20 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 09:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 09:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 09:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 09:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 09:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/02/19 21:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/12/07 12:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/07 12:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/05/01 00:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 23:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009/04/30 23:55:34 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2009/01/24 01:37:20 | 000,103,424 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HtcVComV32.sys -- (HtcVCom32)
DRV - [2008/12/17 07:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/08/05 05:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/07/16 14:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/06/06 12:13:10 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/02/29 11:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://homepage.pack...&m=imedia_x2416IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" =
http://www.google.co...ng}&rlz=1I7ACPW IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{02C30499-C78D-4910-84DA-DBCDBB203A28}: "URL" =
http://uk.search.yah...&p={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRCIE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" =
http://www.google.co...ACPW_en___GB322IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/25 20:08:36 | 000,000,000 | ---D | M]
[2009/06/07 12:42:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions
[2009/06/07 12:42:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions\
[email protected][2012/06/26 17:14:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\fx6uefk1.default\extensions
[2012/11/06 08:39:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/24 18:45:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\
[email protected]File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\
[email protected][2009/07/05 06:19:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
========== Chrome ========== CHR - Extension: No name found = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: No name found = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
CHR - Extension: No name found = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2012/10/15 20:12:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: motors.co.uk ([sellyourcar] http in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}
http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27FA60FB-5855-47ED-90FC-73C7DFD953D2}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpFolder: C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk - C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe - (Leader Technologies/Logitech)
MsConfig - StartUpReg:
Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg:
ApplePhotoStreams - hkey= - key= - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
MsConfig - StartUpReg:
APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg:
avast - hkey= - key= - C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
MsConfig - StartUpReg:
BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg:
iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg:
LMPSSDMON - hkey= - key= - C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe ()
MsConfig - StartUpReg:
Spotify Web Helper - hkey= - key= - C:\Users\Dad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
MsConfig - StartUpReg:
WinPatrol - hkey= - key= - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
MsConfig - StartUpReg:
WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - StartUpReg:
WrtMon.exe - hkey= - key= - File not found
MsConfig - State: "startup" - 1
MsConfig - State: "services" - 1
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ========== [2013/08/27 18:29:23 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/08/27 18:27:08 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/08/27 18:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/08/27 18:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/08/26 21:43:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/08/26 21:43:34 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\temp
[2013/08/26 21:42:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/26 21:27:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/26 21:27:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/26 21:27:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/26 21:27:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/26 21:11:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/26 21:02:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/26 21:01:03 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dad\Desktop\tdsskiller.exe
[2013/08/26 21:00:46 | 005,113,393 | R--- | C] (Swearware) -- C:\Users\Dad\Desktop\ComboFix.exe
[2013/08/26 20:59:32 | 001,021,434 | ---- | C] (Thisisu) -- C:\Users\Dad\Desktop\JRT.exe
[2013/08/26 20:35:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.com
[2013/08/26 20:35:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.scr
[2013/08/26 20:34:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
[2013/08/26 20:13:29 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/08/26 20:13:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/08/26 20:13:27 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/08/26 20:13:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/08/26 20:13:27 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/08/26 20:13:26 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/08/26 20:13:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/08/26 20:13:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/08/26 20:11:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/08/26 20:10:42 | 003,551,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/08/26 20:10:41 | 003,603,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/08/26 08:11:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Dad\Desktop\dds.com
[2013/08/25 18:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2013/08/25 18:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2013/08/15 10:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
[2013/08/04 09:51:07 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\.oit
[2013/08/04 09:51:06 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\NewSoft
[2013/08/04 09:50:39 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\NewSoft
[2013/08/04 08:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
========== Files - Modified Within 30 Days ========== [2013/08/27 19:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator-Dad.job
[2013/08/27 18:59:31 | 000,612,086 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/27 18:59:31 | 000,109,534 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/27 18:57:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc6ffe48569470.job
[2013/08/27 18:55:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/27 18:55:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/27 18:55:01 | 000,488,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/27 18:54:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/27 18:54:44 | 3220,389,888 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/27 18:53:16 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/08/27 18:44:00 | 000,000,236 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2013/08/27 18:33:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/27 18:28:24 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-DAD-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
[2013/08/27 18:13:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc6ffe48a88500.job
[2013/08/27 07:25:51 | 000,031,947 | ---- | M] () -- C:\Users\Dad\Desktop\hostprocess.jpg
[2013/08/27 07:08:52 | 000,057,991 | ---- | M] () -- C:\Users\Dad\Desktop\otlcom.jpg
[2013/08/27 07:08:35 | 000,030,356 | ---- | M] () -- C:\Users\Dad\Desktop\otlexe.jpg
[2013/08/26 21:01:41 | 005,113,393 | R--- | M] (Swearware) -- C:\Users\Dad\Desktop\ComboFix.exe
[2013/08/26 21:01:34 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dad\Desktop\tdsskiller.exe
[2013/08/26 20:59:34 | 001,021,434 | ---- | M] (Thisisu) -- C:\Users\Dad\Desktop\JRT.exe
[2013/08/26 20:58:04 | 000,994,642 | ---- | M] () -- C:\Users\Dad\Desktop\AdwCleaner.exe
[2013/08/26 20:36:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.com
[2013/08/26 20:35:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.scr
[2013/08/26 20:34:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
[2013/08/26 19:16:44 | 000,122,054 | ---- | M] () -- C:\Users\Dad\Desktop\update.jpg
[2013/08/26 18:53:25 | 000,069,069 | ---- | M] () -- C:\Users\Dad\Desktop\MBAM.jpg
[2013/08/26 08:47:35 | 000,061,440 | ---- | M] ( ) -- C:\Users\Dad\Desktop\VEW.exe
[2013/08/26 08:07:29 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Dad\Desktop\dds.com
[2013/08/25 18:24:26 | 000,000,920 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2013/08/25 17:01:51 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/08/25 15:05:29 | 000,001,356 | ---- | M] () -- C:\Users\Dad\AppData\Local\d3d9caps.dat
[2013/08/25 13:00:30 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/08/25 06:53:51 | 000,001,927 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2013/08/25 06:53:51 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2013/08/24 18:47:25 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/08/24 18:47:23 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/08/15 23:08:25 | 000,005,085 | ---- | M] () -- C:\Users\Dad\Documents\En Suite Bathroom.odt
[2013/08/07 04:22:04 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/08/04 08:21:34 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/08/03 06:17:16 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
========== Files Created - No Company Name ========== [2013/08/27 18:28:24 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-DAD-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
[2013/08/27 07:24:53 | 000,031,947 | ---- | C] () -- C:\Users\Dad\Desktop\hostprocess.jpg
[2013/08/27 06:44:01 | 000,057,991 | ---- | C] () -- C:\Users\Dad\Desktop\otlcom.jpg
[2013/08/27 06:41:57 | 000,030,356 | ---- | C] () -- C:\Users\Dad\Desktop\otlexe.jpg
[2013/08/26 21:27:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/26 21:27:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/26 21:27:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/26 21:27:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/26 21:27:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/26 20:58:03 | 000,994,642 | ---- | C] () -- C:\Users\Dad\Desktop\AdwCleaner.exe
[2013/08/26 19:16:44 | 000,122,054 | ---- | C] () -- C:\Users\Dad\Desktop\update.jpg
[2013/08/26 18:57:30 | 3220,389,888 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/26 18:53:25 | 000,069,069 | ---- | C] () -- C:\Users\Dad\Desktop\MBAM.jpg
[2013/08/26 08:48:02 | 000,061,440 | ---- | C] ( ) -- C:\Users\Dad\Desktop\VEW.exe
[2013/08/26 06:41:45 | 000,488,328 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/25 18:24:26 | 000,000,920 | ---- | C] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2013/08/25 16:52:20 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/08/25 06:53:51 | 000,001,927 | ---- | C] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2013/08/25 06:53:51 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2013/08/24 18:47:25 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/08/08 11:15:16 | 000,005,085 | ---- | C] () -- C:\Users\Dad\Documents\En Suite Bathroom.odt
[2013/08/04 08:21:34 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/06/28 18:19:20 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/28 18:19:20 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/28 18:19:20 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/03/23 08:03:58 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/23 08:03:58 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/12/07 10:31:47 | 000,401,408 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
[2012/12/07 10:30:40 | 000,630,784 | ---- | C] ( ) -- C:\Windows\System32\softcoin.dll
[2012/12/07 10:30:37 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\gencoin.dll
[2012/12/07 10:28:26 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2012/12/07 10:24:20 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lmabusb1.dll
[2012/12/07 10:24:20 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lmabpmui.dll
[2012/12/07 10:24:20 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lmabiesc.dll
[2012/12/07 10:24:19 | 001,044,480 | ---- | C] ( ) -- C:\Windows\System32\lmabserv.dll
[2012/12/07 10:24:19 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lmablmpm.dll
[2012/12/07 10:24:19 | 000,479,232 | ---- | C] ( ) -- C:\Windows\System32\lmabpar1.dll
[2012/12/07 10:24:18 | 000,905,216 | ---- | C] ( ) -- C:\Windows\System32\lmabip1.dll
[2012/12/07 10:24:18 | 000,450,560 | ---- | C] ( ) -- C:\Windows\System32\lmabiobj.dll
[2012/12/07 10:24:18 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lmabinpa.dll
[2012/12/07 10:24:17 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lmabcomc.dll
[2012/12/07 10:24:17 | 000,593,920 | ---- | C] ( ) -- C:\Windows\System32\lmabcoms.exe
[2012/12/07 10:24:17 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lmabcomm.dll
[2012/12/07 10:24:17 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lmabhcp.dll
[2012/11/02 19:04:23 | 000,004,378 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\Comma Separated Values (Windows).NOT
[2011/11/02 14:31:14 | 012,067,328 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2011/11/02 14:31:14 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2011/11/02 14:31:14 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2011/11/02 14:31:13 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
[2011/11/02 14:31:13 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[2011/09/13 16:27:23 | 000,004,096 | -H-- | C] () -- C:\Users\Dad\AppData\Local\keyfile3.drm
[2011/01/26 20:05:23 | 000,021,886 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/11/10 20:46:30 | 000,001,356 | ---- | C] () -- C:\Users\Dad\AppData\Local\d3d9caps.dat
[2009/11/21 17:47:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/04/10 13:25:49 | 000,115,712 | ---- | C] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/25 20:30:02 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/12/31 12:26:11 | 000,000,667 | ---- | C] () -- C:\Users\Dad\Sample Pictures.lnk
========== ZeroAccess Check ========== [2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ========== ========== Drive Information ========== Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD64 00AAKS-22A7B SCSI Disk Device
Partitions: 2
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 10.00GB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 586.00GB
Starting Offset: 10738466816
Hidden sectors: 0
< %SYSTEMDRIVE%\*.exe > < %systemroot%\assembly\GAC_32\*.ini > < %systemroot%\assembly\GAC_64\*.ini > < %SYSTEMDRIVE%\*.exe > < %ALLUSERSPROFILE%\Application Data\*.exe > < %APPDATA%\*. >[2013/08/04 09:51:16 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\.oit
[2011/03/02 10:10:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Adelard
[2011/02/17 12:02:48 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Adobe
[2013/05/25 22:58:19 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Apple Computer
[2012/03/28 20:15:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2013/08/26 21:06:10 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\CheckPoint
[2011/05/02 11:52:56 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\CyberLink
[2010/11/22 18:29:22 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Epson
[2009/04/10 07:16:02 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Google
[2011/11/08 21:43:01 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\GRETECH
[2011/03/28 22:30:10 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\HTC
[2009/04/09 19:37:35 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Identities
[2010/01/14 19:38:13 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\InstallShield
[2011/11/04 11:46:24 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Leadertech
[2009/04/11 07:27:15 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Macromedia
[2009/10/23 21:45:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Malwarebytes
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Media Center Programs
[2012/07/15 19:47:20 | 000,000,000 | --SD | M] -- C:\Users\Dad\AppData\Roaming\Microsoft
[2010/07/09 21:49:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Motive
[2012/06/26 17:14:29 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Mozilla
[2010/09/03 14:39:51 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\NCH Software
[2013/08/04 09:51:06 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\NewSoft
[2011/08/09 15:29:14 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Outlook
[2011/11/21 13:58:28 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Packard Bell
[2013/03/03 14:00:03 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Skype
[2011/07/07 11:29:08 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\skypePM
[2013/08/24 18:24:20 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Spotify
[2011/12/19 17:14:06 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Stellarium
[2009/04/09 19:38:05 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Symantec
[2012/06/26 17:14:36 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Talkback
[2009/06/07 12:42:42 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\TomTom
[2010/03/21 13:59:36 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Trusteer
[2013/08/24 18:40:13 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\WinPatrol
< MD5 for: ATAPI.SYS >[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
< MD5 for: CSRSS.EXE >[2008/01/21 03:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008/01/21 03:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe
< MD5 for: EXPLORER.EXE >[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: MSWSOCK.DLL >[2009/04/11 07:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\ERDNT\cache\mswsock.dll
[2009/04/11 07:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009/04/11 07:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/21 03:24:02 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
< MD5 for: NAPINSP.DLL >[2008/01/21 03:24:29 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\System32\NapiNSP.dll
[2008/01/21 03:24:29 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll
< MD5 for: NLAAPI.DLL >[2008/01/21 03:23:44 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\System32\nlaapi.dll
[2008/01/21 03:23:44 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_6785f5c70aea4565\nlaapi.dll
< MD5 for: PNRPNSP.DLL >[2008/01/21 03:25:26 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\System32\pnrpnsp.dll
[2008/01/21 03:25:26 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpnsp.dll
< MD5 for: SERVICES.EXE >[2008/01/21 03:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\ERDNT\cache\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
< MD5 for: SVCHOST.EXE >[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/09/29 20:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
< MD5 for: USER32.DLL >[2009/04/11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll
[2009/04/11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009/04/11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008/01/21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
< MD5 for: USERINIT.EXE >[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >[2012/09/29 20:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WINRNR.DLL >[2009/04/11 07:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\System32\winrnr.dll
[2009/04/11 07:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 10:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\winrnr.dll
< MD5 for: WSHELPER.DLL >[2006/11/02 10:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\System32\wshelper.dll
[2006/11/02 10:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll
< dir C:\ /S /A:L /C > Volume in drive C is OS
Volume Serial Number is 50B4-FA92
Directory of C:\
02/11/2006 14:02 <JUNCTION> Documents and Settings [..]
0 File(s) 0 bytes
Directory of C:\ProgramData
02/11/2006 14:02 <JUNCTION> Application Data [..]
02/11/2006 14:02 <JUNCTION> Desktop [..]
02/11/2006 14:02 <JUNCTION> Documents [..]
02/11/2006 14:02 <JUNCTION> Favorites [..]
02/11/2006 14:02 <JUNCTION> Start Menu [..]
02/11/2006 14:02 <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users
02/11/2006 14:02 <SYMLINKD> All Users [C:\ProgramData]
02/11/2006 14:02 <JUNCTION> Default User [..]
0 File(s) 0 bytes
Directory of C:\Users\All Users
02/11/2006 14:02 <JUNCTION> Application Data [..]
02/11/2006 14:02 <JUNCTION> Desktop [..]
02/11/2006 14:02 <JUNCTION> Documents [..]
02/11/2006 14:02 <JUNCTION> Favorites [..]
02/11/2006 14:02 <JUNCTION> Start Menu [..]
02/11/2006 14:02 <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users\Dad
09/04/2009 19:32 <JUNCTION> Application Data [C:\Users\Dad\AppData\Roaming]
09/04/2009 19:32 <JUNCTION> Cookies [C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Cookies]
09/04/2009 19:32 <JUNCTION> Local Settings [C:\Users\Dad\AppData\Local]
09/04/2009 19:32 <JUNCTION> My Documents [C:\Users\Dad\Documents]
09/04/2009 19:32 <JUNCTION> NetHood [C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/04/2009 19:32 <JUNCTION> PrintHood [C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/04/2009 19:32 <JUNCTION> Recent [C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Recent]
09/04/2009 19:32 <JUNCTION> SendTo [C:\Users\Dad\AppData\Roaming\Microsoft\Windows\SendTo]
09/04/2009 19:32 <JUNCTION> Start Menu [C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu]
09/04/2009 19:32 <JUNCTION> Templates [C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Dad\AppData\Local
09/04/2009 19:32 <JUNCTION> Application Data [C:\Users\Dad\AppData\Local]
09/04/2009 19:32 <JUNCTION> History [C:\Users\Dad\AppData\Local\Microsoft\Windows\History]
09/04/2009 19:32 <JUNCTION> Temporary Internet Files [C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Dad\AppData\LocalLow
13/02/2013 20:45 <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Dad\Documents
09/04/2009 19:32 <JUNCTION> My Music [C:\Users\Dad\Music]
09/04/2009 19:32 <JUNCTION> My Pictures [C:\Users\Dad\Pictures]
09/04/2009 19:32 <JUNCTION> My Videos [C:\Users\Dad\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
02/11/2006 14:02 <JUNCTION> Application Data [..]
02/11/2006 14:02 <JUNCTION> Local Settings [..]
02/11/2006 14:02 <JUNCTION> My Documents [..]
02/11/2006 14:02 <JUNCTION> NetHood [..]
02/11/2006 14:02 <JUNCTION> PrintHood [..]
02/11/2006 14:02 <JUNCTION> Recent [..]
02/11/2006 14:02 <JUNCTION> SendTo [..]
02/11/2006 14:02 <JUNCTION> Start Menu [..]
02/11/2006 14:02 <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
02/11/2006 14:02 <JUNCTION> Application Data [..]
02/11/2006 14:02 <JUNCTION> History [..]
02/11/2006 14:02 <JUNCTION> Temporary Internet Files [..]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
02/11/2006 14:02 <JUNCTION> My Music [..]
02/11/2006 14:02 <JUNCTION> My Pictures [..]
02/11/2006 14:02 <JUNCTION> My Videos [..]
0 File(s) 0 bytes
Directory of C:\Users\G2G
27/08/2013 17:30 <JUNCTION> Application Data [C:\Users\G2G\AppData\Roaming]
27/08/2013 17:30 <JUNCTION> Cookies [C:\Users\G2G\AppData\Roaming\Microsoft\Windows\Cookies]
27/08/2013 17:30 <JUNCTION> Local Settings [C:\Users\G2G\AppData\Local]
27/08/2013 17:30 <JUNCTION> My Documents [C:\Users\G2G\Documents]
27/08/2013 17:30 <JUNCTION> NetHood [C:\Users\G2G\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
27/08/2013 17:30 <JUNCTION> PrintHood [C:\Users\G2G\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
27/08/2013 17:30 <JUNCTION> Recent [C:\Users\G2G\AppData\Roaming\Microsoft\Windows\Recent]
27/08/2013 17:30 <JUNCTION> SendTo [C:\Users\G2G\AppData\Roaming\Microsoft\Windows\SendTo]
27/08/2013 17:30 <JUNCTION> Start Menu [C:\Users\G2G\AppData\Roaming\Microsoft\Windows\Start Menu]
27/08/2013 17:30 <JUNCTION> Templates [C:\Users\G2G\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\G2G\AppData\Local
27/08/2013 17:30 <JUNCTION> Application Data [C:\Users\G2G\AppData\Local]
27/08/2013 17:30 <JUNCTION> History [C:\Users\G2G\AppData\Local\Microsoft\Windows\History]
27/08/2013 17:30 <JUNCTION> Temporary Internet Files [C:\Users\G2G\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\G2G\Documents
27/08/2013 17:30 <JUNCTION> My Music [C:\Users\G2G\Music]
27/08/2013 17:30 <JUNCTION> My Pictures [C:\Users\G2G\Pictures]
27/08/2013 17:30 <JUNCTION> My Videos [C:\Users\G2G\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Guest
11/04/2009 18:07 <JUNCTION> Application Data [C:\Users\Guest\AppData\Roaming]
11/04/2009 18:07 <JUNCTION> Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]
11/04/2009 18:07 <JUNCTION> Local Settings [C:\Users\Guest\AppData\Local]
11/04/2009 18:07 <JUNCTION> My Documents [C:\Users\Guest\Documents]
11/04/2009 18:07 <JUNCTION> NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/04/2009 18:07 <JUNCTION> PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/04/2009 18:07 <JUNCTION> Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]
11/04/2009 18:07 <JUNCTION> SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]
11/04/2009 18:07 <JUNCTION> Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]
11/04/2009 18:07 <JUNCTION> Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Guest\AppData\Local
11/04/2009 18:07 <JUNCTION> Application Data [C:\Users\Guest\AppData\Local]
11/04/2009 18:07 <JUNCTION> History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]
11/04/2009 18:07 <JUNCTION> Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Guest\Documents
11/04/2009 18:07 <JUNCTION> My Music [C:\Users\Guest\Music]
11/04/2009 18:07 <JUNCTION> My Pictures [C:\Users\Guest\Pictures]
11/04/2009 18:07 <JUNCTION> My Videos [C:\Users\Guest\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
02/11/2006 14:02 <JUNCTION> My Music [C:\Users\Public\Music]
02/11/2006 14:02 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
02/11/2006 14:02 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
82 Dir(s) 426,507,661,312 bytes free
< C:\Windows\assembly\tmp\U\*.* /s > < %systemroot%\*. /mp /s > < hklm\software\clients\startmenuinternet|command /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/25 01:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/25 01:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/25 01:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/07/25 01:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/20 19:59:39 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/20 19:59:39 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/20 19:59:39 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/07/25 03:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013/07/25 03:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/25 01:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/25 01:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/25 01:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/07/25 01:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/20 19:59:39 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/20 19:59:39 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/20 19:59:39 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/07/25 03:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013/07/25 03:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %ProgramFiles%\WINDOWS NT\*.* /s >[2010/06/28 15:54:38 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2006/11/02 13:41:31 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/04/11 07:28:24 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\TableTextService.dll
[2006/09/19 12:43:31 | 000,016,212 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/02/18 19:39:57 | 001,272,752 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/02/18 19:39:57 | 000,980,032 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/02/18 19:39:58 | 001,665,878 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/02/18 19:39:58 | 001,445,430 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/02/18 19:40:01 | 001,810,352 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2006/09/19 12:43:34 | 000,044,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2009/04/11 07:23:33 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui
< %systemroot%\system32\drivers\*.sys /lockedfiles >< End of report >
and here is the extras
OTL Extras logfile created on: 27/08/2013 19:00:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 75.41% Memory free
6.19 Gb Paging File | 5.57 Gb Available in Paging File | 89.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.17 Gb Total Space | 398.89 Gb Free Space | 68.05% Space Free | Partition Type: NTFS
Computer Name: DAD-PC | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\Windows\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12B72A2D-8D38-471F-88B0-F86F18D774B5}" = rport=139 | protocol=6 | dir=out | app=system |
"{14D082DF-4DDF-4EA3-B588-BE559A8A29C3}" = lport=138 | protocol=17 | dir=in | app=system |
"{1F640BC3-140E-4CA5-9C75-82557409E594}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{49F727DD-7388-4606-A0F4-5836E050C19E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5D25B4B4-7C26-499E-9DA9-2B6FE2EF1B7F}" = rport=137 | protocol=17 | dir=out | app=system |
"{5FA8AE6A-A60C-47E1-A748-1AED97ACD43F}" = rport=445 | protocol=6 | dir=out | app=system |
"{5FD2E2E9-92C1-4F39-B628-D113FAA8B6E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7089D862-3CBB-4474-B06C-CC820D5B9685}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{70EF8120-7E62-4A99-A03E-57D07AED7F89}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
"{744C5C2D-FBF2-4DF2-94C6-38DC0D2E6260}" = rport=138 | protocol=17 | dir=out | app=system |
"{752D0DE4-7101-4D89-ACAB-CB38E89DB4E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7D533AA6-5331-43B4-A0D0-96DC777E154D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{86CEC332-84E5-4C49-A571-F13824AB979B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{935E7005-2EEA-4E99-BF58-E715B4C27F19}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{959F9107-85CD-4988-A790-5464B5070C8D}" = lport=137 | protocol=17 | dir=in | app=system |
"{B12692F1-F40F-4F70-805E-7B9BE321CA48}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D2BCDCCF-A4D4-4062-B6E9-8EFA45B5C887}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DAEE8306-636A-4590-8583-9D582DFFD02B}" = lport=139 | protocol=6 | dir=in | app=system |
"{EE2235B9-CE04-4139-B711-A8D5D0567A68}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F66D0290-6FAD-4F7E-B961-2B277016E26B}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1494ED65-8C16-4D35-9D7F-23816A411A42}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{20FCF9B3-740B-412E-A4C5-105BA704F485}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24C1E3A3-4307-4072-BFED-2BD582995737}" = protocol=58 | dir=in |
[email protected],-28545 |
"{2D331032-BDD6-4B22-AA65-8D87AB43E879}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31145009-BED0-4DBE-92E3-27A62432DB2E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{324171CB-AC10-4710-8152-6E7513ECCBA1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{4644FEC2-6747-4B51-9DDE-9E8590E57DA9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4BEE751D-F82C-4474-A564-AE5806245A76}" = protocol=1 | dir=out |
[email protected],-28544 |
"{694815AF-148F-41FB-8058-E1FF1B95FEFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7DB4FBD7-79A3-400F-9C65-576E9E7CB3C5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8A837A68-3652-463C-9721-9C0A762EB3DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8CF892A4-C010-4AFD-B255-BA069032EF23}" = protocol=1 | dir=in |
[email protected],-28543 |
"{9AA0739C-5794-4ECE-9D85-B1BE60A371A8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{9DDA21C2-8B24-4CC5-89B3-1077D59BAC4D}" = dir=in | app=c:\windows\system32\lmabcoms.exe |
"{A1B4EB49-9946-4001-9096-F1996061D545}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AE04710C-33AC-4CD6-A45F-02350CAD726A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B1885E62-0348-4F05-A2DD-E3444AF5FD91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDBC6709-7F1F-4C1F-8251-71791CE28AE5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C2271B24-03BC-40AB-B4C3-10BA66C7E788}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C5171606-01FD-4B80-9C37-0CC0F9DA618F}" = protocol=58 | dir=out |
[email protected],-28546 |
"{C868DC15-6BB4-4620-9765-B4740EE04D86}" = protocol=6 | dir=out | app=system |
"{D2936B79-089D-40EC-9111-34D5AB63DAF2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D3FD4682-1533-4883-8421-AC77E20E7919}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{D90DB576-C259-4E06-B452-58D6AE3CE635}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D997F838-FB5D-4D0D-A7D2-E9B6AFFFD896}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{E7FE2891-8F8B-4EDC-A328-65E27D72AC03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F540165C-2E21-4D2A-B284-AFBD9FA80E50}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{3B43435F-C747-41D1-8CD1-F27D202F9711}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{44477D04-1624-4289-B67B-735F6E69D3E7}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{6307922E-5C40-4F0F-9BDF-D18EB6C3D102}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{73AAC03D-4B5A-4FB8-BBFB-9C98E90AFB94}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{95A76AB2-2B44-4945-B686-D42C17F189F9}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{9C315914-440E-4D8B-AE6E-C1545F1C1A14}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{AB3841E9-4552-4A37-9758-9B55296DD628}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{B1407936-5EFA-442C-A95E-E11052002BB4}C:\users\dad\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\dad\appdata\roaming\spotify\spotify.exe |
"TCP Query User{BB0E4DED-9E61-4AE4-A2D5-92504EAA7F82}C:\program files\packard bell\updator\pbupdator.exe" = protocol=6 | dir=in | app=c:\program files\packard bell\updator\pbupdator.exe |
"TCP Query User{C6E34500-4D90-4554-A6EB-B06F2845B5D8}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{0D6E61A5-543C-4719-B351-69B1A86C6474}C:\users\dad\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\dad\appdata\roaming\spotify\spotify.exe |
"UDP Query User{1FDBF953-3749-48CE-B8BC-8B979BE16431}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{2167450C-56E7-438C-A5A3-8E3163490941}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{437F7595-AFC1-4773-934A-39C453432A55}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{50179869-60FE-48FD-BC79-1EBACDDEC14F}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{6B0467B1-21ED-4224-B3B7-37C3788CC925}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{74F94320-247C-4EC5-B88B-9CC6A234E731}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{8EC58FBA-10F4-4CF9-BD48-7233A80BE835}C:\program files\packard bell\updator\pbupdator.exe" = protocol=17 | dir=in | app=c:\program files\packard bell\updator\pbupdator.exe |
"UDP Query User{C942098A-34AC-48B6-A679-894D7711F7E8}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{DB20FFA3-0229-4411-A5B4-8FA9A3BDE178}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{070BC58F-C9D9-4EC6-8ACA-FF433378BFC2}" = HTC Rome USB Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25A13826-8E4A-4FBF-AD2B-776447FE9646}" = WMI Tools
"{25EEBF98-0807-4DA9-8998-992C8FA388DC}" = HTC Sync for BrewMP
"{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC
"{2BD94085-2E05-4EBD-8F2D-AF7499C50D92}" = LCD test
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3350E9B0-DCE6-4AE1-B3AC-D0C11FBEEDA1}_is1" = SeaTools for Windows
"{3559CDE0-11FC-4D7B-A65C-D646035B1033}" = Nero 8 Essentials
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53652DA6-AD2D-4B0F-80BA-6F3CFE2B48D7}" = ZoneAlarm Security
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6ADCBB79-7B9A-449B-AE31-E1C7116042B9}" = ZoneAlarm Firewall
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.31
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{972DF094-DFC0-42B7-A7C8-B2FCC66E2FAA}" = Home Accounts 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB7032FF-AFED-4C58-AA5C-8473B273793A}" = HDReg
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{CA786CFF-1D31-4804-B436-F3405B14357F}" = Updator
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D6A0DD73-6EF2-9A8D-6F60-4F338F922B37}" = BBC iPlayer Desktop
"{D6B3114F-945B-4980-BF7A-AF12E9161A0F}" = iCloud
"{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Broadband Support Tools
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{E13A3B1E-53C6-4697-AB0E-AE9AC6184499}" = Lexmark Scan Center
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EC5F4C1B-F838-4CB7-8561-8F809296428B}" = TomTom HOME
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Image Writer
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AP3456" = AP3456
"ASCE v4.0" = ASCE v4.0
"avast" = avast! Free Antivirus
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Belarc Advisor" = Belarc Advisor 8.3
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BTHomeHub" = BTHomeHub
"CCleaner" = CCleaner
"ClassicFTP" = Classic FTP
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.23
"Disketch" = Disketch CD Label Software
"EPSON Printer and Utilities" = EPSON Printer Software
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON PX710W Series" = EPSON PX710W Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW User’s Guide" = Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Manual
"ERUNT_is1" = ERUNT 1.1j
"FileHippo.com" = FileHippo.com Update Checker
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist Corporate
"Lexmark_HostCD" = Lexmark Software Uninstall
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PDF-XChange 3_is1" = PDF-XChange 3
"Rapport_msi" = Trusteer Endpoint Protection
"Speccy" = Speccy
"SpeedFan" = SpeedFan (remove only)
"Spotify" = Spotify
"Stellarium_is1" = Stellarium 0.10.6.1
"ToolBox" = NCH Toolbox
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"Where is M13?_is1" = Where is M13? version 2.3
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
========== Last 20 Event Log Errors ========== [ Application Events ]
Error - 27/08/2013 02:17:46 | Computer Name = Dad-PC | Source = Application Error | ID = 1000
Description = Faulting application OTL.exe, version 3.2.69.0, time stamp 0x2a425e19,
faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception
code 0xc0000005, fault offset 0x000bff8d, process id 0x8a4, application start time
0x01cea2ed25a513d1.
Error - 27/08/2013 02:22:06 | Computer Name = Dad-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module fntcache.dll, version 7.0.6002.23097, time stamp 0x516e7515,
exception code 0x40000015, fault offset 0x00025eda, process id 0xf98, application
start time 0x01cea2e91227bf01.
Error - 27/08/2013 02:42:33 | Computer Name = Dad-PC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog
Error - 27/08/2013 12:40:01 | Computer Name = Dad-PC | Source = Application Error | ID = 1000
Description = Faulting application OTL.exe, version 3.2.69.0, time stamp 0x2a425e19,
faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception
code 0xc0000005, fault offset 0x000bff8d, process id 0xf80, application start time
0x01cea34412a3bd71.
Error - 27/08/2013 12:43:37 | Computer Name = Dad-PC | Source = Application Error | ID = 1000
Description = Faulting application OTL.exe, version 3.2.69.0, time stamp 0x2a425e19,
faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception
code 0xc0000005, fault offset 0x000bff8d, process id 0x9e8, application start time
0x01cea34493b482f1.
Error - 27/08/2013 12:43:55 | Computer Name = Dad-PC | Source = Application Error | ID = 1000
Description = Faulting application OTL (1).com, version 3.2.69.0, time stamp 0x2a425e19,
faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception
code 0xc0000005, fault offset 0x000bff8d, process id 0xb00, application start time
0x01cea3449eacbd31.
Error - 27/08/2013 12:44:30 | Computer Name = Dad-PC | Source = Application Error | ID = 1000
Description = Faulting application OTL.scr, version 3.2.69.0, time stamp 0x2a425e19,
faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception
code 0xc0000005, fault offset 0x000bff8d, process id 0xb74, application start time
0x01cea344b37ec961.
Error - 27/08/2013 12:44:59 | Computer Name = Dad-PC | Source = Application Error | ID = 1000
Description = Faulting application OTL.exe, version 3.2.69.0, time stamp 0x2a425e19,
faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception
code 0xc0000005, fault offset 0x000bff8d, process id 0xba0, application start time
0x01cea344c49ddfb1.
Error - 27/08/2013 13:56:24 | Computer Name = Dad-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 27/08/2013 02:22:09 | Computer Name = Dad-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 27/08/2013 13:56:24 | Computer Name = Dad-PC | Source = Service Control Manager | ID = 7023
Description =
< End of report >
I notice that I did not check the Scan all users box - should I have done?