# Solved: Error message on start-up.



## A19 JFO (Nov 24, 2008)

Dell Dimension 8400 o/s W7 Ultimate, running fine for months, has suddenlt started to have an error window pop up on the Desk Top during start up: RUN DLL
There was a problem starting P0620Pin.dll.
. The specified module could not be found. 
OK

If I click on "OK", the message dissapears and so far there has been no further problems. My PC has worked fine. but is that because I haven't so far used whatever the program(s) this dll module is part of? or what? I can use my PC for now, but have I a time bomb ticking away waiting to go off?
Have downloaded TSG SysInfo as recommended and it has got all the relevant info on it but I dont seem to be able to attach it, as I cant get it onto my Desk Top.


----------



## huggie54 (Feb 17, 2008)

hiya have you a creative webcam on your system


----------



## emadpsych (Jan 22, 2013)

p0620pin.dll is a Installation Plug-In from Creative Technology Ltd. belonging to WebCam Instant Non-system processes like p0620pin.dll originate from software you installed on your system.

so if you want this message go away, you have 2 option : 
first : reinstall the software taht you use for webcam ( maybe this one : WebCam Instant ).
first : you can uninstall the software.

how ever Some malware camouflages itself as P0620Pin.dll, particularly when located in the c:\windows or c:\windows\system32 folder. Therefore, you should check the P0620Pin.dll process on your PC to see if it is a threat.do a scan with something like this : Security Task Manager. 
you can download a 30days trial of this software here : website:Security Task Manager


----------



## A19 JFO (Nov 24, 2008)

I think that you may have solved the problem. I had a creative webcam, but removed it for Logitech HD one a couple of weeks ago. I thought I'd removed everything but obviously I hadn't. Is there anything I need to be careful about, here? Anyway, thanks, thanks so far, I'll get on with checking if anything is left behind.


----------



## flavallee (May 12, 2002)

Download *MGADiag* to your desktop.

Double-click on MGADiag.exe to launch the program.

Click "Continue".

Ensure that the "Windows" tab is selected (it should be by default).

Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.

Paste the MGA Diagnostic Report back here in your next reply.

-----------------------------------------------------------------


----------



## A19 JFO (Nov 24, 2008)

I've downloaded MGADiag, done a scan and posted it the Windows clipboard, where's that? I have no idea, and how do I get the file from there to here?


----------



## valis (Sep 24, 2004)

when it's pasted to the clipboard, just come back here, right click in the reply box, and choose 'paste'.

thanks, 

v


----------



## A19 JFO (Nov 24, 2008)

I think that I 've uploaded MGADiag, but I see no evidence of it anywhere!


----------



## A19 JFO (Nov 24, 2008)

Done that, but nothing seems to happen.


----------



## A19 JFO (Nov 24, 2008)

How do I know it's posted to the clipboard? I found MGADiag in my downloads and I think I've uploaded it, but I know not where!


----------



## flavallee (May 12, 2002)

A19 JFO said:


> Dell Dimension 8400 o/s W7 Ultimate


The Dell Dimension 8400 desktop was introduced in mid-2004 and came with Windows XP SP1.

How did Windows 7 Ultimate get installed in it?

-----------------------------------------------------------------


----------



## A19 JFO (Nov 24, 2008)

I installed it, and it works fine, one or two hiccups along the the way, but overall it works great. It wasn't until after I installed it that I found out that it wasn't supposed to worK!


----------



## flavallee (May 12, 2002)

What's the 7-character "service tag" number on the sticker of that desktop?

---------------------------------------------------------

Go to Control Panel - Device Manager.

Are there any entries with a yellow *?* or *!* next to them?

---------------------------------------------------------


----------



## Cookiegal (Aug 27, 2003)

We won't be able to go any further until we see the MGA Diagnostic report. The instructions were very clear. After running the tool and clicking "copy", open a reply box here and right-click and select "paste" and the report should appear. If that doesn't work then click on "Edit" in the Menu Bar and select "Paste" from there.


----------



## A19 JFO (Nov 24, 2008)

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-8CYG3-26W24-MK7PC
Windows Product Key Hash: gVxD6QmK5xYxDOs31Reoue+TAr8=
Windows Product ID: 00426-067-9486096-86632
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {C47590F3-A752-4009-B1B0-0632DD31F822}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.120830-0333
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft
OGA Data-->
Office Status: 109 N/A
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{C47590F3-A752-4009-B1B0-0632DD31F822}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-MK7PC</PKey><PID>00426-067-9486096-86632</PID><PIDType>5</PIDType><SID>S-1-5-21-841080056-3148159076-2394933303</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dimension 8400 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>A09</Version><SMBIOSVersion major="2" minor="3"/><Date>20060707000000.000000+000</Date></BIOS><HWID>3E863107018400FC</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: a0cde89c-3304-4157-b61c-c8ad785d1fad
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00172-067-948609-00-2057-7600.0000-1892010
Installation ID: 010622478512578743073095457423409860949213088740421735
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: MK7PC
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 23/01/2013 10:17:18 PM
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 1:16:2013 17:26
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: NgAAAAIABAABAAEAAAADAAAAAQABAAEAeqiMGCY3bm7Y+KwUZJLg6/S05kzYgFLdi8iEpuw7
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL 8400 
FACP DELL 8400 
HPET DELL 8400 
BOOT DELL 8400 
MCFG DELL 8400 
SSDT DELL st_ex
SLIC HPQOEM SLIC-MPC


----------



## Cookiegal (Aug 27, 2003)

Where did you get the Windows 7 that you installed?

There is a Hewlett Packard SLIC table on a Dell machine so something is not right.


----------



## A19 JFO (Nov 24, 2008)

What do you mean, SLIC table? My son bought the W7 CD ROM for me with activation key/code.


----------



## Cookiegal (Aug 27, 2003)

The SLIC table is a portion of the BIOS that is read for license activation on an OEM machine. There is no valid reason to find a SLIC table from a Hewlett-Packard on a Dell branded machine. So it it looks like an activation exploit may have been used in the past on this machine. But the current installation is not OEM (it's retail) and does appear to be genuine.


----------



## A19 JFO (Nov 24, 2008)

I'm the only owner, I've had lt from new, I don't understand, why shouldn't I have a HP printer on my Dell? It's my choice! What does an "activation exploit" mean. Sorry to be so dumb.


----------



## Cookiegal (Aug 27, 2003)

It's not an HP printer, it's an HP BIOS marker. Did you ever have someone reload Windows for you previous to installing Windows 7? In any event, it doesn't matter as the current installation appears to be genuine.


----------



## A19 JFO (Nov 24, 2008)

For the record, I bought my Dell direct from Dell in May 2005, with XP installed, and it's had no other changes apart from the upgrade to Windows 7 Ultimate, nearly 18 months ago. Thinking about a new one now, though.


----------



## A19 JFO (Nov 24, 2008)

I still have the problem that I posted originally. the RUN DLL window.But I seem to have been diverted to a different post. I dont quite understand that.


----------



## A19 JFO (Nov 24, 2008)

What a twit, it's page 2 isn't it! ha ha.


----------



## Cookiegal (Aug 27, 2003)

Did you not solve the issue regarding the webcam in post no. 4?


----------



## A19 JFO (Nov 24, 2008)

No, Ive still got the RUN DLL window popping up on start up.


----------



## Cookiegal (Aug 27, 2003)

Please download DDS by sUBs to your desktop from the following location:

http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click the *dds.scr* file to run the program.

It will automatically run in silent mode and then you will see the following note:

*"Two logs shall be created n your Desktop".*

The logs will be named *dds.txt* and *attach.txt*.

Wait until the logs appear and then copy and paste their contents in your post.


----------



## A19 JFO (Nov 24, 2008)

All I get when I download is a notepad page with masses of gibberish(to me) and a note across the top saying "this program cannot run in Dos Mode". How long does it run in silent mode if I ever get it to load and run right?


----------



## Cookiegal (Aug 27, 2003)

OK, let's try this different method using the same tool. This should tell us what is calling for that dll file.

Please download DDS by sUBs to your desktop from one of the following locations:[/B]

http://download.bleepingcomputer.com/sUBs/dds.com
http://download.bleepingcomputer.com/sUBs/dds.exe


Double-click DDS to run the program.

Make sure there is a check mark in the box beside dds.txt (there should be by default)
Place a check mark in the box beside attach.txt

*Do not select any other options unless specifically instructed to do so.*

Press Start to begin the scan

When the scan is finished, a log named dds.txt will open automatically and a second log named attach.txt will be minimized on your taskbar so please click on it to open it as well. Save both of the reports to your desktop and then copy and paste the contents of both logs in your post.


----------



## A19 JFO (Nov 24, 2008)

I'm not very good at this. I've got both scans on my Desktop taskbar, but I don't seem to be able to get them on here, I've clicked COPY and then PASTE, but no joy.


----------



## valis (Sep 24, 2004)

you need to have the notepad files open when you copy them. Once you have the notepad file open, click anywhere in the text, hit ctrl-a to copy it, and then come back here and hit ctrl-v in the reply box to paste the data.

thanks, 

v


----------



## flavallee (May 12, 2002)

If valis's instructions don't work for you, do the following:

Open the window to the text file.

Click *Edit - Select All - Edit - Copy*.

Leave the text file window open.

Return here to your thread and open a reply window.

Right-click within that reply window, then click *Paste*.

------------------------------------------------------------


----------



## A19 JFO (Nov 24, 2008)

Well, I think that I have copied them, (all the text was highlighted in blue!) but when I come back here I get no reaction when I press ctrl v. Obviously I must be doing something wrong, but what?


----------



## valis (Sep 24, 2004)

you haven't copied it yet. When the characters are blue, that means they are selected. Now you need to right click on any of the entries (RIGHT click, not left) and choose 'copy'. Then copy back here, right click in the quick reply box, select 'paste'.


----------



## A19 JFO (Nov 24, 2008)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume2
Install Date: 08/07/2010 1:13:34 PM
System Uptime: 25/01/2013 11:53:57 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0J3492
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 230 GiB total, 93.857 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 298 GiB total, 297.992 GiB free.
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&10416D21&0&01F0
Manufacturer: 
Name: 
PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&10416D21&0&01F0
Service: 
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&311D0FA0&0&2
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&311D0FA0&0&2
Service: 
.
==== System Restore Points ===================
.
RP733: 18/01/2013 10:41:42 AM - Windows Update
RP734: 19/01/2013 8:45:44 AM - Installed Java 7 Update 11
RP735: 20/01/2013 7:01:09 PM - Windows Backup
RP736: 22/01/2013 9:40:03 AM - Windows Update
RP737: 25/01/2013 12:04:45 PM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Acrobat 4.0
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Photoshop 6.0
Adobe Reader XI (11.0.01)
Adobe Shockwave Player 11.6
Adobe SVG Viewer
Advanced Video FX Utility
Any Video Converter 2.6.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 7.1
Bonjour
BufferChm
C4700
calibre
CameraHelperMsi
Coupon Printer for Windows
Creative ALchemy
Creative Audio Console
Creative MediaSource
Creative MediaSource 5
Creative Photo Manager
Creative Software AutoUpdate
Creative WaveStudio 7
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Driver Download Manager
Dell Recommends
Dell Support Center
Dell System Detect
Destinations
DeviceDiscovery
Document Express DjVu Plug-in
DriverUpdate
DVDFab 8.1.6.3 (11/02/2012) Qt
erLT
exPressit S.E. 3.0
exPressit SX 3.1
Facebook Messenger 2.1.4651.0
Far Cry
Far Cry (Patch 1.4)
Feedback Tool
FixCleaner
Free DVD Video Burner version 3.1.3.1123
FrostWire 5.5.1
Get Yahoo! Messenger
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Memories Disc
HP Photo Creations
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
HP Print Projects 1.0
HP Product Detection
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
Intel(R) 537EP V9x DF PCI Modem
Internet TV for Windows Media Center
iolo technologies' System Mechanic
iTunes
Java 7 Update 11
Java Auto Updater
Java(TM) 6 Update 31
JavaFX 2.1.1
Jewel Quest (remove only)
Junk Mail filter update
K-Lite Codec Pack 6.2.0 (Basic)
Kaspersky Internet Security 2012
Logitech SetPoint 6.22
Logitech Vid HD
Logitech Webcam Software
LucasArts' The Infernal Machine
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
MarketResearch
Max RAM Optimizer
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Sounds
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector 32-bit
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyHeritage Family Tree Builder
Network
OGA Notifier 2.0.0048.0
OpenAL
Picasa 3
PPLite 1.0.0.0028
PS_AIO_06_C4700_SW_Min
PVSonyDll
QuickTime
QuickTransfer
Radialpoint Security Advisor 2.5.19
RPS CRT
Saitek SD6 Programming Software 6.6.6.9
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Shop for HP Supplies
Skype web features
Skype™ 5.10
SkyPlayer for Windows Media Center
SmartWebPrinting
SolutionCenter
Sound Blaster Audigy 2 ZS
Status
swMSM
Tomb Raider II
TomTom HOME 2.7.6.2056
TomTom HOME Visual Studio Merge Modules
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
UserZoom survey tool
Virgin Media Digital Home Support 2.1.27
Virgin Media Service Manager 3.7.47
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
WinZip 15.5
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
24/01/2013 7:55:39 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
20/01/2013 8:23:27 PM, Error: volsnap [25] - The shadow copies of volume F: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
.
==== End Of File ===========================


----------



## A19 JFO (Nov 24, 2008)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01).
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume2
Install Date: 08/07/2010 1:13:34 PM
System Uptime: 25/01/2013 11:53:57 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0J3492
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 230 GiB total, 93.857 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 298 GiB total, 297.992 GiB free.
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&10416D21&0&01F0
Manufacturer: 
Name: 
PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&10416D21&0&01F0
Service: 
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&311D0FA0&0&2
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&311D0FA0&0&2
Service: 
.
==== System Restore Points ===================
.
RP733: 18/01/2013 10:41:42 AM - Windows Update
RP734: 19/01/2013 8:45:44 AM - Installed Java 7 Update 11
RP735: 20/01/2013 7:01:09 PM - Windows Backup
RP736: 22/01/2013 9:40:03 AM - Windows Update
RP737: 25/01/2013 12:04:45 PM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Acrobat 4.0
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Photoshop 6.0
Adobe Reader XI (11.0.01)
Adobe Shockwave Player 11.6
Adobe SVG Viewer
Advanced Video FX Utility
Any Video Converter 2.6.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 7.1
Bonjour
BufferChm
C4700
calibre
CameraHelperMsi
Coupon Printer for Windows
Creative ALchemy
Creative Audio Console
Creative MediaSource
Creative MediaSource 5
Creative Photo Manager
Creative Software AutoUpdate
Creative WaveStudio 7
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Driver Download Manager
Dell Recommends
Dell Support Center
Dell System Detect
Destinations
DeviceDiscovery
Document Express DjVu Plug-in
DriverUpdate
DVDFab 8.1.6.3 (11/02/2012) Qt
erLT
exPressit S.E. 3.0
exPressit SX 3.1
Facebook Messenger 2.1.4651.0
Far Cry
Far Cry (Patch 1.4)
Feedback Tool
FixCleaner
Free DVD Video Burner version 3.1.3.1123
FrostWire 5.5.1
Get Yahoo! Messenger
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Memories Disc
HP Photo Creations
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
HP Print Projects 1.0
HP Product Detection
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
Intel(R) 537EP V9x DF PCI Modem
Internet TV for Windows Media Center
iolo technologies' System Mechanic
iTunes
Java 7 Update 11
Java Auto Updater
Java(TM) 6 Update 31
JavaFX 2.1.1
Jewel Quest (remove only)
Junk Mail filter update
K-Lite Codec Pack 6.2.0 (Basic)
Kaspersky Internet Security 2012
Logitech SetPoint 6.22
Logitech Vid HD
Logitech Webcam Software
LucasArts' The Infernal Machine
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
MarketResearch
Max RAM Optimizer
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Sounds
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector 32-bit
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyHeritage Family Tree Builder
Network
OGA Notifier 2.0.0048.0
OpenAL
Picasa 3
PPLite 1.0.0.0028
PS_AIO_06_C4700_SW_Min
PVSonyDll
QuickTime
QuickTransfer
Radialpoint Security Advisor 2.5.19
RPS CRT
Saitek SD6 Programming Software 6.6.6.9
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Shop for HP Supplies
Skype web features
Skype™ 5.10
SkyPlayer for Windows Media Center
SmartWebPrinting
SolutionCenter
Sound Blaster Audigy 2 ZS
Status
swMSM
Tomb Raider II
TomTom HOME 2.7.6.2056
TomTom HOME Visual Studio Merge Modules
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
UserZoom survey tool
Virgin Media Digital Home Support 2.1.27
Virgin Media Service Manager 3.7.47
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
WinZip 15.5
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
24/01/2013 7:55:39 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
20/01/2013 8:23:27 PM, Error: volsnap [25] - The shadow copies of volume F: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
.
==== End Of File ===========================

.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume2
Install Date: 08/07/2010 1:13:34 PM
System Uptime: 25/01/2013 11:53:57 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0J3492
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 230 GiB total, 93.857 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 298 GiB total, 297.992 GiB free.
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&10416D21&0&01F0
Manufacturer: 
Name: 
PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&10416D21&0&01F0
Service: 
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&311D0FA0&0&2
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&311D0FA0&0&2
Service: 
.
==== System Restore Points ===================
.
RP733: 18/01/2013 10:41:42 AM - Windows Update
RP734: 19/01/2013 8:45:44 AM - Installed Java 7 Update 11
RP735: 20/01/2013 7:01:09 PM - Windows Backup
RP736: 22/01/2013 9:40:03 AM - Windows Update
RP737: 25/01/2013 12:04:45 PM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Acrobat 4.0
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Photoshop 6.0
Adobe Reader XI (11.0.01)
Adobe Shockwave Player 11.6
Adobe SVG Viewer
Advanced Video FX Utility
Any Video Converter 2.6.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 7.1
Bonjour
BufferChm
C4700
calibre
CameraHelperMsi
Coupon Printer for Windows
Creative ALchemy
Creative Audio Console
Creative MediaSource
Creative MediaSource 5
Creative Photo Manager
Creative Software AutoUpdate
Creative WaveStudio 7
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Driver Download Manager
Dell Recommends
Dell Support Center
Dell System Detect
Destinations
DeviceDiscovery
Document Express DjVu Plug-in
DriverUpdate
DVDFab 8.1.6.3 (11/02/2012) Qt
erLT
exPressit S.E. 3.0
exPressit SX 3.1
Facebook Messenger 2.1.4651.0
Far Cry
Far Cry (Patch 1.4)
Feedback Tool
FixCleaner
Free DVD Video Burner version 3.1.3.1123
FrostWire 5.5.1
Get Yahoo! Messenger
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Memories Disc
HP Photo Creations
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
HP Print Projects 1.0
HP Product Detection
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
Intel(R) 537EP V9x DF PCI Modem
Internet TV for Windows Media Center
iolo technologies' System Mechanic
iTunes
Java 7 Update 11
Java Auto Updater
Java(TM) 6 Update 31
JavaFX 2.1.1
Jewel Quest (remove only)
Junk Mail filter update
K-Lite Codec Pack 6.2.0 (Basic)
Kaspersky Internet Security 2012
Logitech SetPoint 6.22
Logitech Vid HD
Logitech Webcam Software
LucasArts' The Infernal Machine
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
MarketResearch
Max RAM Optimizer
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Sounds
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector 32-bit
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyHeritage Family Tree Builder
Network
OGA Notifier 2.0.0048.0
OpenAL
Picasa 3
PPLite 1.0.0.0028
PS_AIO_06_C4700_SW_Min
PVSonyDll
QuickTime
QuickTransfer
Radialpoint Security Advisor 2.5.19
RPS CRT
Saitek SD6 Programming Software 6.6.6.9
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Shop for HP Supplies
Skype web features
Skype™ 5.10
SkyPlayer for Windows Media Center
SmartWebPrinting
SolutionCenter
Sound Blaster Audigy 2 ZS
Status
swMSM
Tomb Raider II
TomTom HOME 2.7.6.2056
TomTom HOME Visual Studio Merge Modules
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
UserZoom survey tool
Virgin Media Digital Home Support 2.1.27
Virgin Media Service Manager 3.7.47
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
WinZip 15.5
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
24/01/2013 7:55:39 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
20/01/2013 8:23:27 PM, Error: volsnap [25] - The shadow copies of volume F: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
.
==== End Of File ===========================


----------



## flavallee (May 12, 2002)

I strongly advise you to get rid of

*FixCleaner

Iolo System Mechanic

Max RAM Optimizer*

and any other cleaner/booster/optimizer/tuneup type apps that you're using in that computer.

Using them can damage Windows and break programs and generate error/warning messages and wreak havoc with a computer.

-----------------------------------------------------------------


----------



## A19 JFO (Nov 24, 2008)

Yahaa, I think I've done it, seems an awful lot of text though. Befire I go any further i'd like to thank everyone on here who has taken their time to help me! Thanks.


----------



## Cookiegal (Aug 27, 2003)

OK, we're getting there.

But you posted the same log twice so I still need the dds.txt log please.


----------



## A19 JFO (Nov 24, 2008)

Will get rid of programs as advised. I'll be away for a wee while, while i do it.


----------



## Cookiegal (Aug 27, 2003)

Would you please post the other log first.


----------



## flavallee (May 12, 2002)

A19 JFO said:


> Will get rid of programs as advised. I'll be away for a wee while, while i do it.


That can wait until later.

Please follow Cookiegal's instructions.

---------------------------------------------------------


----------



## A19 JFO (Nov 24, 2008)

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.1
Run by John O'Neill at 12:22:10 on 2013-01-25
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3070.1713 [GMT 0:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\DriverUpdate\DriverUpdate.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
C:\Program Files\Ubisoft\Register\register.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.virginmedia.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uProxyServer = 62.252.32.16:8080
uProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\users\john o'neill.johnoneill-pc\desktop\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: UserZoom survey tool: {3543619C-D563-43f7-95EA-4DA7E1CC396A} - c:\program files\userzoom survey tool\UserZoom.dll
BHO: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - LocalServer32 - <no file>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: {7FF99715-3016-4381-84CE-E4E4C9673020} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
TB: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4}: - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [Facebook Update] "c:\users\john o'neill.johnoneill-pc\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ServiceManager.exe] "c:\program files\virgin media\service manager\ServiceManager.exe" /AUTORUN
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DHSClient.exe] "c:\program files\virgin media\digital home support\DHSClient.exe" /AUTORUN
mRun: [CTHelper] CTHELPER.EXE
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\johno'~1.joh\appdata\roaming\micros~1\windows\startm~1\programs\startup\facebo~1.lnk - c:\users\john o'neill.johnoneill-pc\appdata\local\facebook\messenger\2.1.4651.0\FacebookMessenger.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\users\john o'neill.johnoneill-pc\desktop\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\users\john o'neill.johnoneill-pc\desktop\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278604915830
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E7637F18-B2C8-43E4-BCFE-BC3437DF469F} - hxxps://cdn4.userzoom.com/s/ie/UserZoom.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{0DAC0E3A-426F-4320-A5C1-397B542FCAB0} : DHCPNameServer = 194.168.4.100 194.168.8.100
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2010-7-8 77004]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-12-14 26248]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2011-3-10 23856]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-24 206448]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2012-12-14 1053184]
R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2012-12-13 68464]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
R3 SaiH353E;SaiH353E;c:\windows\system32\drivers\SaiH353E.sys [2008-4-4 136832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\users\john o'neill.johnoneill-pc\desktop\skype\updater\Updater.exe [2012-7-13 160944]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-9 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-1 15872]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-12-13 13024]
S3 TridVid;USB2.0 VIDBOX NM;c:\windows\system32\drivers\tridvid.sys [2011-9-6 201216]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-8 1343400]
S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2010-11-23 79360]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-11-21 79360]
S4 HsdService;HsdService;c:\program files\virgin media\digital home support\HsdService.exe [2012-5-16 1406264]
S4 ServicepointService;ServicepointService;c:\program files\virgin media\service manager\ServicepointService.exe [2012-5-16 689464]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
S4 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== File Associations ===============
.
FileExt: .scr: scrfile=NOTEPAD.EXE "%1"
FileExt: .reg: regfile=NOTEPAD.EXE "%1"
FileExt: .vbe: VBEFile=NOTEPAD.EXE "%1"
FileExt: .vbs: VBSFile=NOTEPAD.EXE "%1"
FileExt: .js: JSFile=NOTEPAD.EXE "%1"
FileExt: .jse: JSEFile=NOTEPAD.EXE "%1"
FileExt: .wsf: WSFFile=NOTEPAD.EXE "%1"
.
=============== Created Last 30 ================
.
2013-01-25 12:22:15 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b428fdd8-f19e-44f8-b11b-32ac111eda2e}\offreg.dll
2013-01-25 12:06:42 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b428fdd8-f19e-44f8-b11b-32ac111eda2e}\mpengine.dll
2013-01-22 15:47:14 -------- d-----w- C:\MGADiagToolOutput
2013-01-19 08:47:11 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-09 12:53:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2013-01-09 12:53:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2013-01-09 12:53:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-01-09 12:53:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-01-09 12:53:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-01-09 12:53:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-01-09 12:53:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-01-09 12:49:36 -------- d-----w- c:\users\john o'neill.johnoneill-pc\appdata\roaming\Foresight Software
2013-01-09 12:49:17 -------- d-----w- c:\programdata\Foresight Software
2013-01-09 09:21:08 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 09:21:07 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 09:21:06 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-07 16:44:51 -------- d-----w- c:\windows\Cache
2013-01-06 11:56:05 505104 ----a-w- c:\windows\system32\msxml.dll
2013-01-06 11:55:58 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2013-01-06 11:55:58 69632 ----a-w- c:\windows\system32\xmltok.dll
2013-01-06 11:55:58 36864 ----a-w- c:\windows\system32\xmlparse.dll
2013-01-06 11:55:58 35840 ----a-w- c:\windows\system32\comdlg32.oca
2013-01-06 11:55:58 29184 ----a-w- c:\windows\system32\MSINET.oca
2013-01-06 11:55:58 28432 ----a-w- c:\windows\system32\msxmlr.dll
2013-01-06 11:55:58 26096 ----a-w- c:\windows\system32\xmlinst.exe
2012-12-31 09:10:12 -------- d-----w- c:\users\john o'neill.johnoneill-pc\appdata\local\Logitech® Webcam Software
2012-12-30 03:01:28 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2012-12-28 15:45:36 -------- d-----w- c:\users\john o'neill.johnoneill-pc\appdata\local\LogiShrd
2012-12-28 15:40:07 -------- d-----w- c:\users\john o'neill.johnoneill-pc\appdata\local\{6F7F066E-C3C5-465A-83D6-50C85D2E4D5F}
2012-12-28 15:22:34 53248 ----a-r- c:\users\john o'neill.johnoneill-pc\appdata\roaming\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2012-12-28 15:20:33 -------- d-----w- c:\program files\common files\LWS
.
==================== Find3M ====================
.
2013-01-25 11:58:37 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-01-18 17:21:00 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-18 17:21:00 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 22:21:10 74703 ----a-w- c:\windows\system32\mfc45.dat
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-12-06 23:57:56 41176 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-12-06 23:57:48 23128 ----a-w- c:\windows\system32\smrgdf.exe
2012-12-06 23:42:54 2097032 ----a-w- c:\windows\system32\Incinerator32.dll
2012-11-30 11:20:04 68464 ----a-w- c:\windows\system32\drivers\PDFsFilter.sys
2012-11-30 11:20:04 56200 ----a-w- c:\windows\system32\offreg.dll
2012-11-30 11:20:04 26248 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 02:48:41 49152 ----a-w- c:\windows\system32\taskhost.exe
2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 04:47:54 1389568 ----a-w- c:\windows\system32\msxml6.dll
.
============= FINISH: 12:23:32.41 ===============


----------



## A19 JFO (Nov 24, 2008)

Have I done the right one this time?


----------



## Cookiegal (Aug 27, 2003)

Yes and I can see the entry causing the problem you posted about. It's a run key in the registry calling for the file, which is what I suspected.

It will be easier to remove it with the following program.

Please go * here* to download *HijackThis*.

Click on the button that says *Download Now EXE Version* and save the *HijackThis.exe* file to your desktop.
Double-click the * HijackThis.exe* file on your desktop to launch the program. If you get a security warning asking if you want to run this software because the publisher couldn't be verified click on Run to allow it.
Click on the *Scan* button. The scan will not take long and when it's finished the resulting log will open automatically in Notepad.
Click on the *Save log* button and save the log file to your desktop. Copy and paste the contents of the log in your post.
*Please do not fix anything with HijackThis unless you are instructed to do so. Most of what appears in the log will be harmless and/or necessary.*


----------



## A19 JFO (Nov 24, 2008)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:34:55 PM, on 25/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
C:\Program Files\Ubisoft\Register\register.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Users\John O'Neill.JohnONeill-PC\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.252.32.16:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: UserZoom survey tool - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Program Files\UserZoom survey tool\UserZoom.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ServiceManager.exe] "C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DHSClient.exe] "C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe" /AUTORUN
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - Startup: Facebook Messenger.lnk = John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278604915830
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E7637F18-B2C8-43E4-BCFE-BC3437DF469F} (UserZoomAX2 Control) - https://cdn4.userzoom.com/s/ie/UserZoom.cab
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://download.pplive.com/config/pplite/pluginsetup.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Updater\Updater.exe
--
End of file - 10585 bytes


----------



## A19 JFO (Nov 24, 2008)

Sorry I took so long, I'd just started when I had a visitor. He's just left.


----------



## A19 JFO (Nov 24, 2008)

Flavallee asked a question which seemed to get lost, but I've seen it now. yes, I do have a yellow question mark when I open device manager, it's beside "unknown device" I've had it for ages, so I don't think it's connected. There was another question about a number which I didn't understand.


----------



## Cookiegal (Aug 27, 2003)

The following should stop that message about the missing dll that you've been getting.

Rescan with HijackThis, close all other browser windows, place a check mark beside the following entries and then click on "Fix Checked".

R3 - URLSearchHook: (no name) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - (no file)
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513

Then reboot and run another scan with HijackThis and post the new log please.

There is other stuff that needs to be addressed as well so please do the following:

Please download AdwCleaner from here to your desktop

Run AdwCleaner and select "Search" (do not select "Delete" at this time)

Once the scan is finished a log will be produced. Please copy and paste the log into your next reply.


----------



## A19 JFO (Nov 24, 2008)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:31:03 PM, on 25/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
C:\Users\John O'Neill.JohnONeill-PC\Downloads\HijackThis.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.252.32.16:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: UserZoom survey tool - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Program Files\UserZoom survey tool\UserZoom.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ServiceManager.exe] "C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DHSClient.exe] "C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe" /AUTORUN
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - Startup: Facebook Messenger.lnk = John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278604915830
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E7637F18-B2C8-43E4-BCFE-BC3437DF469F} (UserZoomAX2 Control) - https://cdn4.userzoom.com/s/ie/UserZoom.cab
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://download.pplive.com/config/pplite/pluginsetup.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Updater\Updater.exe
--
End of file - 10404 bytes


----------



## A19 JFO (Nov 24, 2008)

# AdwCleaner v2.108 - Logfile created 01/25/2013 at 21:38:41
# Updated 24/01/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : John O'Neill - JOHNONEILL-PC
# Boot Mode : Normal
# Running from : C:\Users\John O'Neill.JohnONeill-PC\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
File Found : C:\user.js
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Searchqu Toolbar
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\InstallMate
***** [Registry] *****
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\FissaSearch
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FF99715-3016-4381-84CE-E4E4C9673020}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\Bandoo
Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Found : HKLM\Software\ImInstaller
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\QuestScan
Key Found : HKU\S-1-5-21-841080056-3148159076-2394933303-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKU\S-1-5-21-841080056-3148159076-2394933303-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FF99715-3016-4381-84CE-E4E4C9673020}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Google Chrome v [Unable to get version]
*************************
AdwCleaner[R1].txt - [7537 octets] - [25/01/2013 21:38:41]
########## EOF - C:\AdwCleaner[R1].txt - [7597 octets] ##########


----------



## A19 JFO (Nov 24, 2008)

Just to keep you up to date, the problem is still there, the window popped up on both reboots.


----------



## Cookiegal (Aug 27, 2003)

I know because the fix didn't work. In any event, please run AdwCleaner again and this time choose the "delete" option then post the resulting log.

Also, after doing the above, please run HijackThis again and post the new log.


----------



## A19 JFO (Nov 24, 2008)

# AdwCleaner v2.108 - Logfile created 01/26/2013 at 09:05:36
# Updated 24/01/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : John O'Neill - JOHNONEILL-PC
# Boot Mode : Normal
# Running from : C:\Users\John O'Neill.JohnONeill-PC\Downloads\AdwCleaner (1).exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
File Deleted : C:\user.js
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Searchqu Toolbar
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\InstallMate
***** [Registry] *****
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\FissaSearch
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FF99715-3016-4381-84CE-E4E4C9673020}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\QuestScan
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FF99715-3016-4381-84CE-E4E4C9673020}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Google Chrome v [Unable to get version]
*************************
AdwCleaner[R1].txt - [7666 octets] - [25/01/2013 21:38:41]
AdwCleaner[S1].txt - [7475 octets] - [26/01/2013 09:05:36]
########## EOF - C:\AdwCleaner[S1].txt - [7535 octets] ##########


----------



## A19 JFO (Nov 24, 2008)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:23:29 AM, on 26/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\John O'Neill.JohnONeill-PC\Downloads\HijackThis (2).exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.252.32.16:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: UserZoom survey tool - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Program Files\UserZoom survey tool\UserZoom.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ServiceManager.exe] "C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DHSClient.exe] "C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe" /AUTORUN
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - Startup: Facebook Messenger.lnk = John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278604915830
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E7637F18-B2C8-43E4-BCFE-BC3437DF469F} (UserZoomAX2 Control) - https://cdn4.userzoom.com/s/ie/UserZoom.cab
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://download.pplive.com/config/pplite/pluginsetup.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Updater\Updater.exe
--
End of file - 10105 bytes


----------



## A19 JFO (Nov 24, 2008)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:27:04 AM, on 26/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Users\John O'Neill.JohnONeill-PC\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.252.32.16:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: UserZoom survey tool - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Program Files\UserZoom survey tool\UserZoom.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ServiceManager.exe] "C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DHSClient.exe] "C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe" /AUTORUN
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Facebook Messenger.lnk = John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278604915830
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E7637F18-B2C8-43E4-BCFE-BC3437DF469F} (UserZoomAX2 Control) - https://cdn4.userzoom.com/s/ie/UserZoom.cab
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://download.pplive.com/config/pplite/pluginsetup.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Updater\Updater.exe
--
End of file - 10419 bytes


----------



## A19 JFO (Nov 24, 2008)

The second scan was "run as adminstrator", as advised in a pop up which appeared at the start of the first scan. I can't see any difference, but I don't have the trained eye like you, once again thanks for taking the time to help.


----------



## A19 JFO (Nov 24, 2008)

My service tag (question from Flavellee) is:- 5P8CL1J Help in any way?


----------



## flavallee (May 12, 2002)

What's the name of the entry(ies) in the Device Manager that has a yellow *?* next to it/them?

-----------------------------------------------------

According to service tag number 5P8CL1J, here is the support site that's specific only to your *Dell Dimension 8400* desktop - which was purchased in April 2005 and came with Windows XP Professional.

-----------------------------------------------------


----------



## A19 JFO (Nov 24, 2008)

Yes I changed XP for 7 about 18 months ago. The Dell support site only helps if you have XP installed, doesn't want to know if you have W7 installed. You're right about the purchase date.


----------



## flavallee (May 12, 2002)

Are you going to answer the question in post #58?

---------------------------------------------------------


----------



## Cookiegal (Aug 27, 2003)

Also, please run AdwCleaner again and this time select the "delete" option and post the resulting log.


----------



## A19 JFO (Nov 24, 2008)

Sorry, didn't notice it at the top. "Unknown device" under "Other Devices". I've had this since I changed to 7 from XP. I just live with it, it isn't something that pops up all the time. In fact it doesn't pop up at all. it's just, "there"!


----------



## A19 JFO (Nov 24, 2008)

I have run AdwCleaner and selected "delete" and posted the log this morning! Twice! The second one was longer than the first, as it was "run as administrator". Do want me to run it a second time?


----------



## A19 JFO (Nov 24, 2008)

Sorry, it was "HiJacKThis that I ran twice, but I have ran AdwCleaner and selected "delete" this morning and posted it.


----------



## A19 JFO (Nov 24, 2008)

It was post no. 53.


----------



## flavallee (May 12, 2002)

I'll leave you with Cookiegal.

---------------------------------------------------------


----------



## Cookiegal (Aug 27, 2003)

Sorry, my mistake.

Please continue flavallee.

A19 JFO, please provide the information flavallee requested in post no. 58.


----------



## A19 JFO (Nov 24, 2008)

I did, in post 62.


----------



## A19 JFO (Nov 24, 2008)

Why is marked solved at the top l/h corner, when it isn't?


----------



## valis (Sep 24, 2004)

i am not seeing it marked as 'solved'......i do see a button marked 'mark solved', but the thread is still open.


----------



## A19 JFO (Nov 24, 2008)

Sorry V, I realise now, it's the button to click when it is solved. Is that right?


----------



## valis (Sep 24, 2004)

Yup.


----------



## A19 JFO (Nov 24, 2008)

Why has everything stopped? I've answered all the questions, run what I've been asked, and posted what I've been asked to post. Is there any feed back on the stuff that I have posted? Have I done something wrong? I apologise if I have.


----------



## Cookiegal (Aug 27, 2003)

Please download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Under Custom Scans/Fixes type in *Netsvcs*
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## A19 JFO (Nov 24, 2008)

OTL logfile created on: 30/01/2013 7:03:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John O'Neill.JohnONeill-PC\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 59.18% Memory free
5.99 Gb Paging File | 4.18 Gb Available in Paging File | 69.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 230.03 Gb Total Space | 98.60 Gb Free Space | 42.86% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 169.19 Gb Free Space | 56.76% Space Free | Partition Type: NTFS

Computer Name: JOHNONEILL-PC | User Name: John O'Neill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/30 19:01:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John O'Neill.JohnONeill-PC\Downloads\OTL.exe
PRC - [2013/01/18 17:21:00 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
PRC - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/06 23:40:38 | 001,053,184 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/29 11:40:18 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2012/09/25 10:05:20 | 000,247,728 | ---- | M] (Facebook) -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/03/25 12:34:00 | 004,371,768 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
PRC - [2011/03/23 13:12:34 | 002,032,952 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/03/18 19:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CtHelper.exe
PRC - [2010/01/21 20:11:42 | 015,895,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2008/05/07 23:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/09 22:56:52 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll
MOD - [2013/01/09 22:55:58 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/09 22:52:53 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/09 22:52:27 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 22:50:15 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 22:49:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 22:49:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 22:47:03 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/09/25 10:05:32 | 022,423,984 | ---- | M] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll
MOD - [2012/09/25 10:05:08 | 000,181,680 | ---- | M] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll
MOD - [2012/09/25 10:05:00 | 000,286,640 | ---- | M] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/24 22:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/24 22:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/24 22:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/24 22:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/24 22:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/24 22:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 18:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011/03/25 12:25:14 | 000,158,208 | ---- | M] () -- C:\Program Files\Virgin Media\Service Manager\Windows7Features.dll
MOD - [2010/11/05 01:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/07/02 10:39:23 | 000,032,768 | ---- | M] () -- C:\Program Files\UserZoom survey tool\UserZoom.dll
MOD - [2010/01/21 00:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/10 17:37:48 | 000,058,208 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\UmOutlookStrings.dll
MOD - [2010/01/10 00:05:06 | 001,040,736 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

========== Services (SafeList) ==========

SRV - [2013/01/18 17:21:02 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/06 23:40:38 | 001,053,184 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2012/10/29 11:40:18 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/03/25 12:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Disabled | Stopped] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2011/03/23 13:12:38 | 001,406,264 | ---- | M] (Virgin Media) [Disabled | Stopped] -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe -- (HsdService)
SRV - [2010/11/23 00:03:09 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/11/21 12:35:38 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/08/24 09:38:18 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/07/08 12:51:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010/01/21 16:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/05/07 23:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys -- (Trufos)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Virgin Media\Security\BitDefender\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ctgame.sys -- (ctgame)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JOHNO'~1.JOH\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2013/01/25 11:58:37 | 000,013,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012/11/30 11:20:04 | 000,068,464 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PDFsFilter.sys -- (PDFsFilter)
DRV - [2012/11/30 11:20:04 | 000,026,248 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV - [2012/10/29 11:40:32 | 000,586,072 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/01/18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/03/10 17:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011/03/04 12:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 12:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010/11/20 12:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 12:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 12:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 09:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 09:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/08/18 17:40:16 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2010/03/18 20:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 20:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 20:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 20:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 20:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 20:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 20:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 20:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 20:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2010/03/18 20:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/11/02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/27 22:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/13 23:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/06/10 10:23:04 | 000,036,992 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2009/06/10 10:23:04 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2008/04/04 13:35:00 | 000,136,832 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiH353E.sys -- (SaiH353E)
DRV - [2008/03/17 16:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2007/07/02 17:40:34 | 000,201,216 | ---- | M] (Trident Multimedia Technologies Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tridvid.sys -- (TridVid)
DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/03/02 03:30:54 | 000,618,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2005/05/06 21:42:26 | 001,339,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2005/05/06 21:40:50 | 000,047,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2005/05/06 21:40:20 | 000,036,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mohfilt.sys -- (mohfilt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
IE - HKLM\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebsearch.com/myweb...3qZEA&st=sb&n=77ecd73e&searchfor={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bbc.co.uk/sport/0/football/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\..\SearchScopes,DefaultScope = {66DDC99F-7224-48D1-9F1F-1415B8AC8213}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{66DDC99F-7224-48D1-9F1F-1415B8AC8213}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{E6F531ED-C505-40F7-B276-7A4E67E9D0E2}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=0234B1FC-63DB-49C0-A3B4-5D5F8AE62396
IE - HKCU\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebsearch.com/myweb...3qZEA&st=sb&n=77ecd73e&searchfor={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 62.252.32.16:8080

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/07/09 22:57:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/10/29 11:40:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/10/29 11:40:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/10/29 11:40:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/03 09:49:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/03 09:49:05 | 000,000,000 | ---D | M]

[2012/04/10 11:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.virginmedia.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.virginmedia.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Service Manager (Enabled) = C:\Program Files\Virgin Media\Service Manager\nprpspa.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: YouTube = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Kaspersky URL Advisor = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtual Keyboard = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (UserZoom survey tool) - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Program Files\UserZoom survey tool\UserZoom.dll ()
O2 - BHO: (no name) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)
O4 - HKLM..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513 File not found
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab (Reg Error: Key error.)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278604915830 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E7637F18-B2C8-43E4-BCFE-BC3437DF469F} https://cdn4.userzoom.com/s/ie/UserZoom.cab (UserZoomAX2 Control)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://download.pplive.com/config/pplite/pluginsetup.cab (PPLive Lite Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DAC0E3A-426F-4320-A5C1-397B542FCAB0}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/01/12 12:42:18 | 000,000,175 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/02/06 19:24:01 | 000,002,636 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O34 - HKLM BootExecute: ("autocheck autochk *")
O34 - HKLM BootExecute: (௿䤐๸繐ጯಜ)
O34 - HKLM BootExecute: ("耀")
O34 - HKLM BootExecute: (༤ఐ)
O34 - HKLM BootExecute: ("?")
O34 - HKLM BootExecute: ("")
O34 - HKLM BootExecute: (autocheck smrgdf C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\iolo\)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/01/22 15:47:14 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/01/19 08:47:11 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/19 08:47:11 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/19 08:47:11 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/19 08:46:12 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/01/09 12:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/01/09 12:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/01/09 12:49:36 | 000,000,000 | ---D | C] -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\Foresight Software
[2013/01/09 12:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Foresight Software
[2013/01/09 12:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/09 09:21:07 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 09:20:43 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/01/09 09:20:43 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/01/09 09:20:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 09:20:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 09:20:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 09:20:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 09:20:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 09:20:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 09:20:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 09:20:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 09:20:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 09:20:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 09:20:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 09:20:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 09:20:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 09:20:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 09:20:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 09:20:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 09:20:11 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/01/09 09:20:11 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013/01/09 09:20:11 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013/01/09 09:20:11 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013/01/09 09:20:11 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013/01/09 09:20:11 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013/01/09 09:20:11 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013/01/09 09:20:11 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013/01/09 09:20:11 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013/01/09 09:20:11 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013/01/09 09:20:11 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013/01/09 09:20:11 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013/01/09 09:20:10 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013/01/09 09:20:10 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013/01/09 09:20:10 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013/01/09 09:20:10 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013/01/09 09:20:01 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/09 09:20:01 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013/01/07 16:44:51 | 000,000,000 | ---D | C] -- C:\Windows\Cache
[2013/01/06 11:56:05 | 000,505,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2013/01/06 11:55:58 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.DLL
[2013/01/06 11:55:58 | 000,028,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxmlr.dll
[2013/01/06 11:55:58 | 000,026,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlinst.exe
[2013/01/06 11:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013/01/06 11:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2012/06/07 09:30:39 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/01/30 18:56:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/30 18:48:03 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-841080056-3148159076-2394933303-1001UA.job
[2013/01/30 18:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/30 09:46:43 | 000,021,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/30 09:46:43 | 000,021,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/30 09:43:15 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/30 09:41:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/30 09:41:16 | 2414,473,216 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/30 00:10:29 | 000,030,888 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2013/01/30 00:10:29 | 000,030,888 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2013/01/30 00:10:29 | 000,030,528 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2013/01/30 00:10:29 | 000,030,528 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2013/01/30 00:10:29 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2013/01/29 21:48:01 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-841080056-3148159076-2394933303-1001Core.job
[2013/01/28 14:47:51 | 002,117,864 | ---- | M] () -- C:\Users\John O'Neill.JohnONeill-PC\Desktop\Canvass.jpg
[2013/01/25 11:58:37 | 000,013,024 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/01/24 12:24:13 | 000,000,026 | ---- | M] () -- C:\Windows\dvdSanta.INI
[2013/01/24 11:56:50 | 000,106,496 | ---- | M] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/22 11:18:32 | 000,000,186 | ---- | M] () -- C:\Users\John O'Neill.JohnONeill-PC\Desktop\Windows 7 - Tech Support Guy Forums.url
[2013/01/18 17:21:00 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/18 17:21:00 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/11 20:31:08 | 000,001,207 | ---- | M] () -- C:\Users\Public\Desktop\Far Cry.lnk
[2013/01/09 22:43:52 | 000,476,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/09 20:16:49 | 000,618,936 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/09 20:16:49 | 000,107,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/09 12:53:27 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/01/09 12:23:43 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/08 23:30:40 | 000,000,227 | ---- | M] () -- C:\Users\John O'Neill.JohnONeill-PC\Desktop\YouTube - aircraft carriers.url

========== Files Created - No Company Name ==========

[2013/01/28 14:50:28 | 002,117,864 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\Desktop\Canvass.jpg
[2013/01/22 11:18:32 | 000,000,186 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\Desktop\Windows 7 - Tech Support Guy Forums.url
[2013/01/18 18:58:49 | 000,001,342 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013/01/16 13:12:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/11 20:31:08 | 000,001,207 | ---- | C] () -- C:\Users\Public\Desktop\Far Cry.lnk
[2013/01/09 12:53:27 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/01/09 12:23:43 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/06 11:55:58 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2013/01/06 11:55:58 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2013/01/06 11:55:58 | 000,035,840 | ---- | C] () -- C:\Windows\System32\comdlg32.oca
[2013/01/06 11:55:58 | 000,029,184 | ---- | C] () -- C:\Windows\System32\MSINET.oca
[2012/12/13 22:21:10 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dat
[2012/12/13 21:58:48 | 000,013,024 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/10/18 10:37:47 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2012/06/07 11:49:48 | 000,000,029 | ---- | C] () -- C:\Windows\viewer.ini
[2012/06/07 11:27:29 | 000,140,800 | ---- | C] () -- C:\Windows\serifun.exe
[2012/06/07 09:30:39 | 000,087,608 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\inst.exe
[2012/06/07 09:30:39 | 000,007,887 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\pcouffin.cat
[2012/06/07 09:30:39 | 000,001,144 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\pcouffin.inf
[2012/06/06 05:34:33 | 000,001,057 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\vso_ts_preview.xml
[2012/05/07 10:03:05 | 000,000,500 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2012/05/07 09:58:04 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2012/04/11 11:52:05 | 000,017,408 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\WebpageIcons.db
[2012/04/11 11:49:48 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012/04/11 11:49:48 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/18 06:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2012/01/05 01:00:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\xpcom.dll
[2012/01/05 00:59:59 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wlxphotosqm.dll
[2012/01/05 00:59:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wlxphotobase.dll
[2012/01/05 00:59:57 | 000,000,000 | ---- | C] () -- C:\Windows\System32\winhttp5.dll
[2012/01/05 00:59:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\watchdog.sys
[2012/01/05 00:59:55 | 000,000,000 | ---- | C] () -- C:\Windows\System32\w3tp.dll
[2012/01/05 00:59:54 | 000,000,000 | ---- | C] () -- C:\Windows\System32\vsansi.dll
[2012/01/05 00:59:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\vcomp90.dll
[2012/01/05 00:59:50 | 000,000,000 | ---- | C] () -- C:\Windows\System32\sccore.dll
[2012/01/05 00:59:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\photobase.dll
[2012/01/05 00:59:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pdfport.dll
[2012/01/05 00:59:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\omdproject.dll
[2012/01/05 00:59:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ntdsetup.dll
[2012/01/05 00:59:45 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ntdsa.dll
[2012/01/05 00:59:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nspr4.dll
[2012/01/05 00:59:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nnotes.dll
[2012/01/05 00:59:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nativerd.dll
[2012/01/05 00:59:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\msvcr90.dll
[2012/01/05 00:59:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\msvcr80.dll
[2012/01/05 00:59:39 | 000,000,000 | ---- | C] () -- C:\Windows\System32\msvcp90.dll
[2012/01/05 00:59:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\msvcp80.dll
[2012/01/05 00:59:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\msvcm90.dll
[2012/01/05 00:59:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\msvcm80.dll
[2012/01/05 00:59:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\msptls.dll
[2012/01/05 00:59:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\mso.dll
[2012/01/05 00:59:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\msdatl3.dll
[2012/01/05 00:59:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\mqsec.dll
[2012/01/05 00:59:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\mqrt.dll
[2012/01/05 00:59:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\mqqm.dll
[2012/01/05 00:59:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\mpclient.dll
[2012/01/05 00:59:28 | 000,000,000 | ---- | C] () -- C:\Windows\System32\mfc90u.dll
[2012/01/05 00:59:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\mfc80u.dll
[2012/01/05 00:59:26 | 000,000,000 | ---- | C] () -- C:\Windows\System32\mfc80.dll
[2012/01/05 00:59:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\metadatasys.dll
[2012/01/05 00:59:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\kdcsvc.dll
[2012/01/05 00:59:22 | 000,000,000 | ---- | C] () -- C:\Windows\System32\jp2klib.dll
[2012/01/05 00:59:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\infoadmn.dll
[2012/01/05 00:59:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\iisutil.dll
[2012/01/05 00:59:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\iisrtl.dll
[2012/01/05 00:59:18 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ieshims.dll
[2012/01/05 00:59:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\icucnv40.dll
[2012/01/05 00:59:16 | 000,000,000 | ---- | C] () -- C:\Windows\System32\fpwel.dll
[2012/01/05 00:59:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\fileinfo.dll
[2012/01/05 00:59:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\extendscript.dll
[2012/01/05 00:59:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dmxbici.dll
[2012/01/05 00:59:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\d3dx9_24.dll
[2012/01/05 00:59:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\corefoundation.dll
[2012/01/05 00:59:09 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cooltype.dll
[2012/01/05 00:59:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\bjablr32.dll
[2012/01/05 00:59:07 | 000,000,000 | ---- | C] () -- C:\Windows\System32\bibutils.dll
[2012/01/05 00:59:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\bib.dll
[2012/01/05 00:59:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\axe8sharedexpat.dll
[2012/01/05 00:59:04 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atl90.dll
[2012/01/05 00:59:03 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ahclient.dll
[2012/01/05 00:59:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\agm.dll
[2012/01/05 00:59:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\admwprox.dll
[2012/01/05 00:59:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\acewstr.dll
[2012/01/05 00:58:59 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ace.dll
[2011/11/25 15:40:29 | 001,216,512 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/11/25 15:40:29 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2011/11/25 15:40:29 | 000,237,568 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/11/25 15:40:29 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2011/11/25 15:40:29 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2011/11/25 15:40:29 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2011/11/04 16:29:05 | 000,004,096 | ---- | C] () -- C:\Windows\System32\killprocdll.dll
[2011/10/27 08:18:19 | 000,000,335 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\burnaware.ini
[2011/10/03 09:35:04 | 000,207,356 | ---- | C] () -- C:\Windows\hpoins43.dat
[2011/10/03 09:35:04 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2011/08/30 16:57:05 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2011/08/30 16:56:24 | 000,000,127 | ---- | C] () -- C:\Windows\Crypkey.ini
[2011/08/30 16:56:16 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2011/08/30 16:56:15 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2011/08/30 16:56:15 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2011/08/30 16:56:15 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/05/16 16:36:13 | 000,022,575 | ---- | C] () -- C:\Windows\hpqins19.dat
[2011/03/11 11:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011/03/01 14:54:46 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/03/01 14:49:36 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/03 18:42:53 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/01/19 12:06:10 | 000,000,017 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\resmon.resmoncfg
[2010/11/26 18:25:07 | 000,004,761 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\Cabos.plist
[2010/11/26 18:16:38 | 000,000,437 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\CabosCore.bat
[2010/08/20 15:41:06 | 000,106,496 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/09 18:50:02 | 000,000,235 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\devices.xml
[2010/07/09 18:50:02 | 000,000,012 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\settings.xml
[2006/12/08 00:21:22 | 000,000,071 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\default.pls

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 756 bytes -> C:\Users\John O'Neill.JohnONeill-PC\Documents\bernie email.eml:OECustomProperty
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B946D9EE
< End of report >


----------



## A19 JFO (Nov 24, 2008)

OTL Extras logfile created on: 30/01/2013 7:03:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John O'Neill.JohnONeill-PC\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 59.18% Memory free
5.99 Gb Paging File | 4.18 Gb Available in Paging File | 69.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 230.03 Gb Total Space | 98.60 Gb Free Space | 42.86% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 169.19 Gb Free Space | 56.76% Space Free | Partition Type: NTFS

Computer Name: JOHNONEILL-PC | User Name: John O'Neill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18F45137-77CB-4D77-B76C-EC391B22612F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{290DA159-4449-411B-B632-F284C042E79B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{29B732C2-62CE-4171-A61A-9B0B9DA9051D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2A0A6AB0-8F3A-43BF-8EC9-C947E97D9C26}" = lport=138 | protocol=17 | dir=in | app=system | 
"{32AF7FB5-BFD3-46F8-ADAD-4F408523A622}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3803E8D0-5318-40ED-A375-F32DEE931A40}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3E7A1067-4D44-4FF2-8A8D-DB28CA1EAE3F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{42D229EA-2FA4-4BDB-9632-F574AD99A353}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{435B613C-7E52-4140-A92C-C01F915D7D6B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{65286040-F593-4782-BFA2-2FB307171F85}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{661FCB65-4C48-4E5F-89AB-F02FDE1B1E6E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{90012B65-8D6C-48D7-896D-0CBF7827AC0A}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{948E2314-2F6A-4188-860D-9A8090F55808}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A440BA50-98B3-4D75-8A13-D4E803E205D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AAFD7527-A5C1-4D67-B9D6-D5CBE3385BBD}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{AB943E23-D2F2-4C2C-892C-522C3F5D6DFE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C668441D-6068-469A-A24B-08247AF28A54}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{C92EF8D4-5FC2-4616-AE9F-6FF6AB03024B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CC9063F2-B808-425F-BF40-E13E6C7091CA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CE745584-BC28-489D-867D-E0E6A2F6988D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{DE621A7D-1588-4F3A-BB4F-3F30BB9D8197}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{ED8DF221-6515-475B-B755-6F2BA74FA6AB}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{F1EA99C7-ED40-4120-8B14-760922821825}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D1E756-A90E-45AD-A8EC-74D23FD12CD2}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{03D96A47-7250-4BBF-982E-847B7743E841}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | 
"{0556A070-8F5F-4902-9BCE-AEA1BDFD2898}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{0DDF4B5F-F673-4A2C-A3A0-208ECF96A476}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1AABEAEA-E036-467A-9BEA-0B7437E59B17}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{2177AA1A-CF21-4AF6-98D0-2218A1B2E85C}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{24F2DE6A-015B-4010-83A6-648ABF7EFCC4}" = protocol=6 | dir=in | app=c:\users\john o'neill.johnoneill-pc\appdata\local\microsoft\windows\temporary internet files\content.ie5\54vstlsm\sweetimsetup.exe | 
"{324BF1EC-EB96-4EF0-A717-A53588AB96DD}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{357E84E1-64A1-4A71-B00F-9D0FBCEDEFA3}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{39B261FD-33E9-41B1-961B-D404C5478750}" = dir=in | app=c:\users\john o'neill.johnoneill-pc\desktop\skype\plugin manager\skypepm.exe | 
"{39DDE8BC-6A17-44D1-BA5C-72E506D71B80}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{3C1062E5-53ED-4E67-A383-3A76BF42D4AE}" = protocol=6 | dir=in | app=c:\program files\virgin media\service manager\servicepointservice.exe | 
"{3DC6CECD-FD5F-43B2-84C1-D99DE4A313F9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{410AC6F9-1314-4C0B-94E0-765B4514D656}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | 
"{45A99FC0-ED30-4BFA-AD56-D30EF08C4C42}" = protocol=1 | dir=out | [email protected],-28544 | 
"{49BFEB46-1A90-4C31-AE8D-7CD1F344A0D8}" = protocol=1 | dir=in | [email protected],-28543 | 
"{50B3C6F9-5C94-493E-B380-346EE70D1698}" = protocol=17 | dir=in | app=c:\program files\virgin media\service manager\servicepointservice.exe | 
"{530CC4FE-71FA-46A9-AD62-F388406F7A6B}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{5394687F-EE56-4547-A78E-8794476624A4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{5B041CAA-B576-45A1-A67B-EB355FECC297}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{5CB8A39D-EB5E-4034-A118-DF91EBFD570C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{5E2F267B-F897-47E1-AD00-0BAFF38E8F68}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{61FAA795-9222-4C87-8613-1FB7A5AF72A4}" = protocol=58 | dir=out | [email protected],-28546 | 
"{6440F2A9-A175-44F1-A367-AD846E32138F}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{6AB3D99A-5810-4D2B-ACC7-40DDC8599655}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{769EEFE1-FD91-46BF-B564-9E3615E77EBF}" = protocol=17 | dir=in | app=c:\users\john o'neill.johnoneill-pc\appdata\local\microsoft\windows\temporary internet files\content.ie5\54vstlsm\sweetimsetup.exe | 
"{77D9646B-0C78-45DB-9571-53F375AA3CDC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{82E363C6-522E-4C63-AC46-4D01CC966173}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{8406F2B4-0DC5-43D6-9A6A-1BD7BE51519B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{854E3862-BB85-408D-B875-E9E1C0672741}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9193DDD0-72B6-4E98-97D3-640BB3A6306F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{919AC38E-069B-417A-B256-6AFFBA99C916}" = dir=in | app=c:\users\john o'neill.johnoneill-pc\desktop\skype\phone\skype.exe | 
"{9261C915-C99D-4BDD-9077-B6C8EB83C92E}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{997C015D-0EF5-4C65-AD6B-3A835C6D6DE4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{99933101-BEAC-4C82-9917-D3CC6652F9E0}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{A1F37843-C2FC-44F9-9BA1-DCA4A44CD5BF}" = protocol=17 | dir=in | app=c:\users\john o'neill.johnoneill-pc\appdata\local\temp\~os8c1a.tmp\prmrsr.exe | 
"{A34A0FDD-CDC4-4076-8B9C-125901C85E4C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A8227400-C470-4836-84D3-BAE66FF14E2D}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{AEE11CFB-0D2F-40E0-B03E-957A52577A3F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{B09D155F-8ABE-4684-911D-5375E7097F98}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | 
"{B265C836-830A-4809-B901-9A78E3064A2E}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{B2FE327E-A601-4CAA-99AA-EB4C73909095}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | 
"{B3BB83BE-158E-49CC-BB4E-909227344211}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{B5310194-D464-4D82-BF16-2F53EBBA8CB5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B69B9506-1EA2-4B04-B02B-11138532BA48}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{BA3A1158-34AA-45DB-ACF6-32B0B4FC2EFD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BF663A75-A475-4888-A442-5231087BDCCE}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{C7F6BE7B-3289-4536-8FE1-55390EB47EEB}" = protocol=58 | dir=in | [email protected],-28545 | 
"{C8684C78-9B2B-4E00-9B4B-B851F47AF95B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{C8C2E7A0-A0C2-4F1C-BEE9-8A281D9E9BA5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{CBB9F9F8-170F-44D6-8109-E402A5FD0366}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{CDA1A816-9987-4B4E-BFDB-E66DEA8AE102}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{D05BDC41-0554-4216-884E-18BDD11EB893}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{D0680118-E524-457A-A4BB-E8D61553E2F7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{E04D2E60-FA24-4C92-B364-4185DEEC1DF4}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | 
"{E2799720-A4DE-4EC8-9826-186BB285B425}" = protocol=6 | dir=in | app=c:\users\john o'neill.johnoneill-pc\appdata\local\temp\~os8c1a.tmp\prmrsr.exe | 
"{E949BAF2-E717-4215-878B-F9F1A34938B7}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | 
"{E988B273-4732-4DB6-A7BD-03976D8BE75F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{EBD66043-27D0-4870-A535-0CBAA5F302D2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{ED56B926-C9A9-41F2-B99D-D94D83B32595}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{F20D81A8-FE4E-4F2B-87B6-A680C9BC5B71}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"TCP Query User{26BE2861-542D-4983-9DAE-310AEBADB91C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{7BA680D1-0200-4F5E-B7EE-BB7EB7A9DBCE}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{913B8F71-E46F-461A-902C-65D24A377820}C:\program files\calibre2\calibre.exe" = protocol=6 | dir=in | app=c:\program files\calibre2\calibre.exe | 
"TCP Query User{946902BB-855A-46E4-BBA8-B0D0CEEAA463}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{97B1642D-A346-40B4-96F7-05F0B3A58BE4}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"TCP Query User{A6DC4A91-8FF8-4623-808E-295CC9D5BB7D}C:\users\john o'neill.johnoneill-pc\desktop\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\users\john o'neill.johnoneill-pc\desktop\skype\phone\skype.exe | 
"TCP Query User{B8AF08D6-9443-4B8C-9208-C3B578146769}C:\program files\frostwire 5\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | 
"TCP Query User{B95E2EBA-DAEC-4BB6-8FBF-31997AA63DB8}C:\users\john o'neill.johnoneill-pc\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\john o'neill.johnoneill-pc\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe | 
"TCP Query User{D4F31533-3061-4A34-BE30-3B23F0A226C8}F:\limewire\limewire.exe" = protocol=6 | dir=in | app=f:\limewire\limewire.exe | 
"TCP Query User{F753893C-FC1A-40E5-85DA-9D77A2BB278D}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | 
"UDP Query User{4101C882-6708-4CA2-A1D3-9D75A96A8CB5}C:\program files\frostwire 5\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | 
"UDP Query User{4B44EC64-040F-46E0-910E-C5F607BF9A30}C:\program files\calibre2\calibre.exe" = protocol=17 | dir=in | app=c:\program files\calibre2\calibre.exe | 
"UDP Query User{56C0B06D-63BF-4F6A-8CF9-500D8139BFF6}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{6F58EE21-95A0-4096-AF86-96032D2E6142}C:\users\john o'neill.johnoneill-pc\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\john o'neill.johnoneill-pc\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe | 
"UDP Query User{8688D5A2-4197-4169-BAA5-75FD2E231FF2}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"UDP Query User{9C92C604-3E2F-411A-8B05-82B7AF53111C}C:\users\john o'neill.johnoneill-pc\desktop\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\users\john o'neill.johnoneill-pc\desktop\skype\phone\skype.exe | 
"UDP Query User{9EE39398-A9A9-456A-A5D5-414A72688B60}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | 
"UDP Query User{A317AF3F-51C1-429F-94F3-6313D9720B02}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{DFC7D0F4-992C-4CDE-9DF5-ABE14B71C6ED}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{FC17E244-4DF6-49B3-AC7E-E006142566FF}F:\limewire\limewire.exe" = protocol=17 | dir=in | app=f:\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18472E28-FCA0-421F-BDAC-AC65012E29F2}" = ArcSoft MediaImpression
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A795E68-BD67-40EC-899F-CEE817F723CF}" = calibre
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{49480197-4A67-4EAB-AD44-001862FCEEB7}" = Saitek SD6 Programming Software 6.6.6.9
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D8E1ADE-CEA6-4A35-8D73-963F16C40FD3}" = Document Express DjVu Plug-in
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3E6E1C-CF5A-4CE9-B8D6-A2F9B7BA18FC}" = BlackBerry Desktop Software 7.1
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-004E-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector 32-bit
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A4B9033B-D183-4A6C-9BCB-6BC8F80B939D}" = RPS CRT
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB42C935-456E-4A6C-B357-FDEE7A59FE21}" = exPressit SX 3.1
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}" = SkyPlayer for Windows Media Center
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe SVG Viewer" = Adobe SVG Viewer
"Advanced Video FX Utility" = Advanced Video FX Utility
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Console
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative Photo Manager" = Creative Photo Manager
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Digital Editions" = Adobe Digital Editions
"exPressit S.E. 3.0" = exPressit S.E. 3.0
"Family Tree Builder" = MyHeritage Family Tree Builder
"Free DVD Video Burner_is1" = Free DVD Video Burner version 3.1.3.1123
"FrostWire 5" = FrostWire 5.5.1
"Get Yahoo! Messenger" = Get Yahoo! Messenger
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"Jewel Quest" = Jewel Quest (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Basic)
"Logitech Vid" = Logitech Vid HD
"LucasArts' The Infernal Machine" = LucasArts' The Infernal Machine
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"PC-Doctor for Windows" = Dell Support Center
"Picasa 3" = Picasa 3
"PPLite" = PPLite 1.0.0.0028
"RadialpointClientGateway_is1" = Virgin Media Service Manager 3.7.47
"RadialpointHomeSecurityDashboard_is1" = Virgin Media Digital Home Support 2.1.27
"RadialpointSecurityAdvisorService_is1" = Radialpoint Security Advisor 2.5.19
"Shop for HP Supplies" = Shop for HP Supplies
"sp6" = Logitech SetPoint 6.22
"Tomb Raider II" = Tomb Raider II
"TomTom HOME" = TomTom HOME 2.7.6.2056
"UserZoom survey tool3.5" = UserZoom survey tool
"WaveStudio 7" = Creative WaveStudio 7
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid Video Codec 1.3.0" = Xvid Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"DellDirect" = Dell Recommends
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27/01/2013 6:12:32 AM | Computer Name = JohnONeill-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 27/01/2013 12:31:38 PM | Computer Name = JohnONeill-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Research
In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 27/01/2013 12:31:53 PM | Computer Name = JohnONeill-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Common 
Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Dependent Assembly
Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28/01/2013 5:05:05 AM | Computer Name = JohnONeill-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 28/01/2013 10:00:46 AM | Computer Name = JohnONeill-PC | Source = Application Hang | ID = 1002
Description = The program NOTEPAD.EXE version 6.1.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 9dc Start
Time: 01cdfd5f86dada2c Termination Time: 56 Application Path: C:\Windows\system32\NOTEPAD.EXE
Report
Id: 16f806ac-6953-11e2-9cc2-00111179a482

Error - 28/01/2013 10:46:16 AM | Computer Name = JohnONeill-PC | Source = Application Hang | ID = 1002
Description = The program NOTEPAD.EXE version 6.1.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: da0 Start
Time: 01cdfd662d31e3e1 Termination Time: 50 Application Path: C:\Windows\system32\NOTEPAD.EXE
Report
Id: 70e58d03-6959-11e2-9cc2-00111179a482

Error - 29/01/2013 5:54:27 AM | Computer Name = JohnONeill-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 30/01/2013 5:46:46 AM | Computer Name = JohnONeill-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 30/01/2013 6:38:44 AM | Computer Name = JohnONeill-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 570 Start
Time: 01cdfed43c9d0bfd Termination Time: 62 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 30/01/2013 6:45:17 AM | Computer Name = JohnONeill-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1784 Start
Time: 01cdfed5fa76c24c Termination Time: 47 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

[ Media Center Events ]
Error - 23/01/2011 11:37:19 AM | Computer Name = JohnONeill-PC | Source = MCUpdate | ID = 0
Description = 15:37:19 - Error connecting to the internet. 15:37:19 - Unable 
to contact server..

Error - 23/01/2011 11:37:34 AM | Computer Name = JohnONeill-PC | Source = MCUpdate | ID = 0
Description = 15:37:24 - Error connecting to the internet. 15:37:24 - Unable 
to contact server..

Error - 23/01/2011 2:56:45 PM | Computer Name = JohnONeill-PC | Source = MCUpdate | ID = 0
Description = 18:56:45 - Error connecting to the internet. 18:56:45 - Unable 
to contact server..

Error - 23/01/2011 2:57:02 PM | Computer Name = JohnONeill-PC | Source = MCUpdate | ID = 0
Description = 18:56:50 - Error connecting to the internet. 18:56:50 - Unable 
to contact server..

[ System Events ]
Error - 24/01/2013 3:49:30 AM | Computer Name = JohnONeill-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:22:48 on ?23/?01/?2013 was unexpected.

Error - 24/01/2013 3:55:39 AM | Computer Name = JohnONeill-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 25/01/2013 7:54:21 AM | Computer Name = JohnONeill-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:01:40 on ?24/?01/?2013 was unexpected.

Error - 25/01/2013 5:03:42 PM | Computer Name = JohnONeill-PC | Source = DCOM | ID = 10010
Description =

Error - 25/01/2013 5:06:34 PM | Computer Name = JohnONeill-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 21:05:29 on ?25/?01/?2013 was unexpected.

Error - 26/01/2013 2:04:38 PM | Computer Name = JohnONeill-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 27/01/2013 3:17:20 PM | Computer Name = JohnONeill-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the AVP service.

Error - 28/01/2013 5:04:53 AM | Computer Name = JohnONeill-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = The Program Compatibility Assistant service failed to perform the 
phase two initialization.

Error - 29/01/2013 5:28:48 AM | Computer Name = JohnONeill-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 23:19:58 on ?28/?01/?2013 was unexpected.

Error - 30/01/2013 5:41:23 AM | Computer Name = JohnONeill-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 00:09:58 on ?30/?01/?2013 was unexpected.

< End of report >


----------



## A19 JFO (Nov 24, 2008)

How's that? did I do it right?


----------



## Cookiegal (Aug 27, 2003)

Yes, you did it right.

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=...q={searchTerms}
IE - HKLM\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebsearch.com/mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{66DDC99F-7224-48D1-9F1F-1415B8AC8213}: "URL" = http://search.conduit.com/ResultsExt...ctid=CT3196716
IE - HKCU\..\SearchScopes\{E6F531ED-C505-40F7-B276-7A4E67E9D0E2}: "URL" = http://websearch.ask.com/redirect?cl...4-5D5F8AE62396
IE - HKCU\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebsearch.com/mywebs...r={searchTerms}
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
O2 - BHO: (no name) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No CLSID value found.
O4 - HKLM..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513 File not found
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn...Detection2.cab (Reg Error: Key error.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


----------



## A19 JFO (Nov 24, 2008)

OTL logfile created on: 31/01/2013 10:07:57 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John O'Neill.JohnONeill-PC\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 54.72% Memory free
5.99 Gb Paging File | 4.47 Gb Available in Paging File | 74.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 230.03 Gb Total Space | 98.52 Gb Free Space | 42.83% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 297.99 Gb Free Space | 99.97% Space Free | Partition Type: NTFS

Computer Name: JOHNONEILL-PC | User Name: John O'Neill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/30 19:01:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John O'Neill.JohnONeill-PC\Downloads\OTL.exe
PRC - [2013/01/18 17:21:00 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
PRC - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/06 23:40:38 | 001,053,184 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/29 11:40:18 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2012/09/25 10:05:20 | 000,247,728 | ---- | M] (Facebook) -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/03/25 12:34:00 | 004,371,768 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
PRC - [2011/03/23 13:12:34 | 002,032,952 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/03/18 19:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CtHelper.exe
PRC - [2010/01/21 20:11:42 | 015,895,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2008/05/07 23:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/09 22:56:52 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll
MOD - [2013/01/09 22:55:58 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/09 22:52:53 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/09 22:52:27 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 22:50:15 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 22:49:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 22:49:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 22:47:03 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/09/25 10:05:32 | 022,423,984 | ---- | M] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll
MOD - [2012/09/25 10:05:08 | 000,181,680 | ---- | M] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll
MOD - [2012/09/25 10:05:00 | 000,286,640 | ---- | M] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/24 22:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/24 22:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/24 22:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/24 22:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/24 22:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/24 22:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 18:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011/03/25 12:25:14 | 000,158,208 | ---- | M] () -- C:\Program Files\Virgin Media\Service Manager\Windows7Features.dll
MOD - [2010/11/05 01:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/07/02 10:39:23 | 000,032,768 | ---- | M] () -- C:\Program Files\UserZoom survey tool\UserZoom.dll
MOD - [2010/01/21 00:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/10 17:37:48 | 000,058,208 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\UmOutlookStrings.dll
MOD - [2010/01/10 00:05:06 | 001,040,736 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

========== Services (SafeList) ==========

SRV - [2013/01/18 17:21:02 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/06 23:40:38 | 001,053,184 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2012/10/29 11:40:18 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/03/25 12:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Disabled | Stopped] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2011/03/23 13:12:38 | 001,406,264 | ---- | M] (Virgin Media) [Disabled | Stopped] -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe -- (HsdService)
SRV - [2010/11/23 00:03:09 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/11/21 12:35:38 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/08/24 09:38:18 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/07/08 12:51:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010/01/21 16:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/05/07 23:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys -- (Trufos)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Virgin Media\Security\BitDefender\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ctgame.sys -- (ctgame)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JOHNO'~1.JOH\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2013/01/25 11:58:37 | 000,013,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012/11/30 11:20:04 | 000,068,464 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PDFsFilter.sys -- (PDFsFilter)
DRV - [2012/11/30 11:20:04 | 000,026,248 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV - [2012/10/29 11:40:32 | 000,586,072 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/01/18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/03/10 17:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011/03/04 12:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 12:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010/11/20 12:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 12:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 12:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 09:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 09:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/08/18 17:40:16 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2010/03/18 20:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 20:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 20:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 20:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 20:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 20:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 20:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 20:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 20:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2010/03/18 20:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/11/02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/27 22:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/13 23:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/06/10 10:23:04 | 000,036,992 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2009/06/10 10:23:04 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2008/04/04 13:35:00 | 000,136,832 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiH353E.sys -- (SaiH353E)
DRV - [2008/03/17 16:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2007/07/02 17:40:34 | 000,201,216 | ---- | M] (Trident Multimedia Technologies Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tridvid.sys -- (TridVid)
DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/03/02 03:30:54 | 000,618,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2005/05/06 21:42:26 | 001,339,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2005/05/06 21:40:50 | 000,047,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2005/05/06 21:40:20 | 000,036,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mohfilt.sys -- (mohfilt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bbc.co.uk/sport/0/football/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 62.252.32.16:8080

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/07/09 22:57:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/10/29 11:40:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/10/29 11:40:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/10/29 11:40:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/03 09:49:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/03 09:49:05 | 000,000,000 | ---D | M]

[2012/04/10 11:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.virginmedia.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.virginmedia.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Service Manager (Enabled) = C:\Program Files\Virgin Media\Service Manager\nprpspa.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: YouTube = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Kaspersky URL Advisor = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtual Keyboard = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (UserZoom survey tool) - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Program Files\UserZoom survey tool\UserZoom.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Users\John O'Neill.JohnONeill-PC\Desktop\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab (Reg Error: Key error.)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278604915830 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E7637F18-B2C8-43E4-BCFE-BC3437DF469F} https://cdn4.userzoom.com/s/ie/UserZoom.cab (UserZoomAX2 Control)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://download.pplive.com/config/pplite/pluginsetup.cab (PPLive Lite Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DAC0E3A-426F-4320-A5C1-397B542FCAB0}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/01/12 12:42:18 | 000,000,175 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/02/06 19:24:01 | 000,002,636 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O34 - HKLM BootExecute: ("autocheck autochk *")
O34 - HKLM BootExecute: (௿䤐๸繐ጯಜ)
O34 - HKLM BootExecute: ("耀")
O34 - HKLM BootExecute: (༤ఐ)
O34 - HKLM BootExecute: ("?")
O34 - HKLM BootExecute: ("")
O34 - HKLM BootExecute: (autocheck smrgdf C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\iolo\)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/31 09:45:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/22 15:47:14 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/01/19 08:47:11 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/19 08:47:11 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/19 08:47:11 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/19 08:46:12 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/01/09 12:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/01/09 12:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/01/09 12:49:36 | 000,000,000 | ---D | C] -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\Foresight Software
[2013/01/09 12:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Foresight Software
[2013/01/09 12:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/09 09:21:07 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 09:20:43 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/01/09 09:20:43 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/01/09 09:20:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 09:20:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 09:20:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 09:20:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 09:20:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 09:20:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 09:20:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 09:20:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 09:20:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 09:20:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 09:20:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 09:20:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 09:20:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 09:20:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 09:20:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 09:20:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 09:20:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 09:20:11 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/01/09 09:20:11 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013/01/09 09:20:11 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013/01/09 09:20:11 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013/01/09 09:20:11 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013/01/09 09:20:11 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013/01/09 09:20:11 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013/01/09 09:20:11 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013/01/09 09:20:11 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013/01/09 09:20:11 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013/01/09 09:20:11 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013/01/09 09:20:11 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013/01/09 09:20:10 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013/01/09 09:20:10 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013/01/09 09:20:10 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013/01/09 09:20:10 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013/01/09 09:20:01 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/09 09:20:01 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013/01/07 16:44:51 | 000,000,000 | ---D | C] -- C:\Windows\Cache
[2013/01/06 11:56:05 | 000,505,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2013/01/06 11:55:58 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.DLL
[2013/01/06 11:55:58 | 000,028,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxmlr.dll
[2013/01/06 11:55:58 | 000,026,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlinst.exe
[2013/01/06 11:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013/01/06 11:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2012/06/07 09:30:39 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/01/31 09:56:08 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/31 09:55:38 | 000,021,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/31 09:55:38 | 000,021,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/31 09:51:38 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/31 09:50:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/31 09:50:15 | 2414,473,216 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/31 09:47:12 | 000,030,888 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2013/01/31 09:47:12 | 000,030,888 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2013/01/31 09:47:12 | 000,030,528 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2013/01/31 09:47:12 | 000,030,528 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2013/01/31 09:47:12 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2013/01/31 09:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/30 21:48:01 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-841080056-3148159076-2394933303-1001UA.job
[2013/01/30 21:48:01 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-841080056-3148159076-2394933303-1001Core.job
[2013/01/28 14:47:51 | 002,117,864 | ---- | M] () -- C:\Users\John O'Neill.JohnONeill-PC\Desktop\Canvass.jpg
[2013/01/25 11:58:37 | 000,013,024 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/01/24 12:24:13 | 000,000,026 | ---- | M] () -- C:\Windows\dvdSanta.INI
[2013/01/24 11:56:50 | 000,106,496 | ---- | M] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/22 11:18:32 | 000,000,186 | ---- | M] () -- C:\Users\John O'Neill.JohnONeill-PC\Desktop\Windows 7 - Tech Support Guy Forums.url
[2013/01/18 17:21:00 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/18 17:21:00 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/11 20:31:08 | 000,001,207 | ---- | M] () -- C:\Users\Public\Desktop\Far Cry.lnk
[2013/01/09 22:43:52 | 000,476,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/09 20:16:49 | 000,618,936 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/09 20:16:49 | 000,107,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/09 12:53:27 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/01/09 12:23:43 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/08 23:30:40 | 000,000,227 | ---- | M] () -- C:\Users\John O'Neill.JohnONeill-PC\Desktop\YouTube - aircraft carriers.url

========== Files Created - No Company Name ==========

[2013/01/28 14:50:28 | 002,117,864 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\Desktop\Canvass.jpg
[2013/01/22 11:18:32 | 000,000,186 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\Desktop\Windows 7 - Tech Support Guy Forums.url
[2013/01/18 18:58:49 | 000,001,342 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013/01/16 13:12:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/11 20:31:08 | 000,001,207 | ---- | C] () -- C:\Users\Public\Desktop\Far Cry.lnk
[2013/01/09 12:53:27 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/01/09 12:23:43 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/06 11:55:58 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2013/01/06 11:55:58 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2013/01/06 11:55:58 | 000,035,840 | ---- | C] () -- C:\Windows\System32\comdlg32.oca
[2013/01/06 11:55:58 | 000,029,184 | ---- | C] () -- C:\Windows\System32\MSINET.oca
[2012/12/13 22:21:10 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dat
[2012/12/13 21:58:48 | 000,013,024 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/10/18 10:37:47 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2012/06/07 11:49:48 | 000,000,029 | ---- | C] () -- C:\Windows\viewer.ini
[2012/06/07 11:27:29 | 000,140,800 | ---- | C] () -- C:\Windows\serifun.exe
[2012/06/07 09:30:39 | 000,087,608 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\inst.exe
[2012/06/07 09:30:39 | 000,007,887 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\pcouffin.cat
[2012/06/07 09:30:39 | 000,001,144 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\pcouffin.inf
[2012/06/06 05:34:33 | 000,001,057 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\vso_ts_preview.xml
[2012/05/07 10:03:05 | 000,000,500 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2012/05/07 09:58:04 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2012/04/11 11:52:05 | 000,017,408 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\WebpageIcons.db
[2012/04/11 11:49:48 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012/04/11 11:49:48 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/18 06:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2012/01/05 01:00:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\xpcom.dll
[2012/01/05 00:59:59 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wlxphotosqm.dll
[2012/01/05 00:59:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wlxphotobase.dll
[2012/01/05 00:59:57 | 000,000,000 | ---- | C] () -- C:\Windows\System32\winhttp5.dll
[2012/01/05 00:59:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\watchdog.sys
[2012/01/05 00:59:55 | 000,000,000 | ---- | C] () -- C:\Windows\System32\w3tp.dll
[2012/01/05 00:59:54 | 000,000,000 | ---- | C] () -- C:\Windows\System32\vsansi.dll
[2012/01/05 00:59:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\vcomp90.dll
[2012/01/05 00:59:50 | 000,000,000 | ---- | C] () -- C:\Windows\System32\sccore.dll
[2012/01/05 00:59:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\photobase.dll
[2012/01/05 00:59:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pdfport.dll
[2012/01/05 00:59:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\omdproject.dll
[2012/01/05 00:59:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ntdsetup.dll
[2012/01/05 00:59:45 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ntdsa.dll
[2012/01/05 00:59:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nspr4.dll
[2012/01/05 00:59:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nnotes.dll
[2012/01/05 00:59:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nativerd.dll
[2012/01/05 00:59:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\msvcr90.dll
[2012/01/05 00:59:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\msvcr80.dll
[2012/01/05 00:59:39 | 000,000,000 | ---- | C] () -- C:\Windows\System32\msvcp90.dll
[2012/01/05 00:59:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\msvcp80.dll
[2012/01/05 00:59:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\msvcm90.dll
[2012/01/05 00:59:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\msvcm80.dll
[2012/01/05 00:59:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\msptls.dll
[2012/01/05 00:59:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\mso.dll
[2012/01/05 00:59:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\msdatl3.dll
[2012/01/05 00:59:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\mqsec.dll
[2012/01/05 00:59:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\mqrt.dll
[2012/01/05 00:59:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\mqqm.dll
[2012/01/05 00:59:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\mpclient.dll
[2012/01/05 00:59:28 | 000,000,000 | ---- | C] () -- C:\Windows\System32\mfc90u.dll
[2012/01/05 00:59:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\mfc80u.dll
[2012/01/05 00:59:26 | 000,000,000 | ---- | C] () -- C:\Windows\System32\mfc80.dll
[2012/01/05 00:59:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\metadatasys.dll
[2012/01/05 00:59:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\kdcsvc.dll
[2012/01/05 00:59:22 | 000,000,000 | ---- | C] () -- C:\Windows\System32\jp2klib.dll
[2012/01/05 00:59:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\infoadmn.dll
[2012/01/05 00:59:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\iisutil.dll
[2012/01/05 00:59:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\iisrtl.dll
[2012/01/05 00:59:18 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ieshims.dll
[2012/01/05 00:59:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\icucnv40.dll
[2012/01/05 00:59:16 | 000,000,000 | ---- | C] () -- C:\Windows\System32\fpwel.dll
[2012/01/05 00:59:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\fileinfo.dll
[2012/01/05 00:59:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\extendscript.dll
[2012/01/05 00:59:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dmxbici.dll
[2012/01/05 00:59:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\d3dx9_24.dll
[2012/01/05 00:59:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\corefoundation.dll
[2012/01/05 00:59:09 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cooltype.dll
[2012/01/05 00:59:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\bjablr32.dll
[2012/01/05 00:59:07 | 000,000,000 | ---- | C] () -- C:\Windows\System32\bibutils.dll
[2012/01/05 00:59:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\bib.dll
[2012/01/05 00:59:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\axe8sharedexpat.dll
[2012/01/05 00:59:04 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atl90.dll
[2012/01/05 00:59:03 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ahclient.dll
[2012/01/05 00:59:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\agm.dll
[2012/01/05 00:59:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\admwprox.dll
[2012/01/05 00:59:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\acewstr.dll
[2012/01/05 00:58:59 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ace.dll
[2011/11/25 15:40:29 | 001,216,512 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/11/25 15:40:29 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2011/11/25 15:40:29 | 000,237,568 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/11/25 15:40:29 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2011/11/25 15:40:29 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2011/11/25 15:40:29 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2011/11/04 16:29:05 | 000,004,096 | ---- | C] () -- C:\Windows\System32\killprocdll.dll
[2011/10/27 08:18:19 | 000,000,335 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\burnaware.ini
[2011/10/03 09:35:04 | 000,207,356 | ---- | C] () -- C:\Windows\hpoins43.dat
[2011/10/03 09:35:04 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2011/08/30 16:57:05 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2011/08/30 16:56:24 | 000,000,127 | ---- | C] () -- C:\Windows\Crypkey.ini
[2011/08/30 16:56:16 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2011/08/30 16:56:15 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2011/08/30 16:56:15 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2011/08/30 16:56:15 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/05/16 16:36:13 | 000,022,575 | ---- | C] () -- C:\Windows\hpqins19.dat
[2011/03/11 11:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011/03/01 14:54:46 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/03/01 14:49:36 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/03 18:42:53 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/01/19 12:06:10 | 000,000,017 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\resmon.resmoncfg
[2010/11/26 18:25:07 | 000,004,761 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\Cabos.plist
[2010/11/26 18:16:38 | 000,000,437 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\CabosCore.bat
[2010/08/20 15:41:06 | 000,106,496 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/09 18:50:02 | 000,000,235 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\devices.xml
[2010/07/09 18:50:02 | 000,000,012 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\AppData\Roaming\settings.xml
[2006/12/08 00:21:22 | 000,000,071 | ---- | C] () -- C:\Users\John O'Neill.JohnONeill-PC\default.pls

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 756 bytes -> C:\Users\John O'Neill.JohnONeill-PC\Documents\bernie email.eml:OECustomProperty
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B946D9EE
< End of report >


----------



## A19 JFO (Nov 24, 2008)

Sorry, boobed, it's a full scan, not a quick scan. I was so excited, I think you've cracked it, the pop up didn't appear on the restart.


----------



## Cookiegal (Aug 27, 2003)

Yes, that last fix removed it.

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool (Vista/Windows 7 users - right click to run as administrator) and allow it to download the Avast database.

Click *Scan*.

Upon completion of the scan, click *Save log* then save it to your desktop and post that log in your next reply for review. 
*Note - do NOT attempt any Fix yet. *


----------



## A19 JFO (Nov 24, 2008)

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-31 18:15:14
-----------------------------
18:15:14.527 OS Version: Windows 6.1.7601 Service Pack 1
18:15:14.527 Number of processors: 2 586 0x401
18:15:14.558 ComputerName: JOHNONEILL-PC UserName: John O'Neill
18:15:51.949 Initialize success
18:18:19.303 AVAST engine defs: 13013100
18:18:30.803 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
18:18:30.803 Disk 0 Vendor: WDC_WD2500JD-75HBB0 08.02D08 Size: 238418MB BusType: 3
18:18:30.819  Disk 0 MBR read successfully
18:18:30.819 Disk 0 MBR scan
18:18:30.834 Disk 0 Windows 7 default MBR code
18:18:30.850 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 47 MB offset 63
18:18:30.866 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 235546 MB offset 96390
18:18:30.928 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 2816 MB offset 482496210
18:18:30.944 Disk 0 scanning sectors +488263545
18:18:31.022 Disk 0 scanning C:\Windows\system32\drivers
18:18:52.987 Service scanning
18:19:06.559 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
18:19:06.590 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
18:19:07.261 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
18:19:07.292 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
18:19:29.931 Modules scanning
18:19:39.746 Disk 0 trace - called modules:
18:19:39.808 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys ctoss2k.sys ctaud2k.sys hap16v2k.sys ha10kx2k.sys 
18:19:39.824 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87095a40]
18:19:39.839 3 CLASSPNP.SYS[8d37459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x86f92030]
18:19:40.730 AVAST engine scan C:\Windows
18:19:46.034 AVAST engine scan C:\Windows\system32
18:24:32.902 AVAST engine scan C:\Windows\system32\drivers
18:24:58.845 AVAST engine scan C:\Users\John O'Neill.JohnONeill-PC
18:38:06.376 AVAST engine scan C:\ProgramData
18:43:36.128 Scan finished successfully
18:45:38.667 Disk 0 MBR has been saved successfully to "C:\Users\John O'Neill.JohnONeill-PC\Desktop\MBR.dat"
18:45:38.682 The log file has been saved successfully to "C:\Users\John O'Neill.JohnONeill-PC\Desktop\aswMBR.txt"


----------



## Cookiegal (Aug 27, 2003)

That looks good.

Please run the following on-line scanner.

Note: If you're running a 64-bit system you have to choose the 32-bit option in IE. To do that, go to the Start Menu and right-click the Internet Explorer (32-bit) icon and then select 'Run as administrator' from the right-click menu.

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\ESET\ESET Online Scanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please


----------



## A19 JFO (Nov 24, 2008)

3À&#381;Ð¼ |&#381;À&#381;Ø¾ |¿ ¹ üó¤PhËû¹ ½¾&#8364;~ |&#8230;&#402;ÅâñÍ&#710;V UÆFÆF ´A»ªUÍ]rûUªu ÷Á tþFf`&#8364;~ t&fh fÿvh h |h h ´B&#352;V &#8249;ôÍ&#376;&#402;Ä&#382;ë¸» |&#352;V &#352;v&#352;N&#352;nÍfasþNu&#8364;~ &#8364;&#8222;&#352; ²&#8364;ë&#8222;U2ä&#352;V Í]ë&#382;>þ}Uªunÿv è uú°Ñædè&#402; °ßæ`è| °ÿædèu û¸ »Íf#Àu;fûTCPAu2ùr,fh» fh  fh fSfSfUfh fh | fah ÍZ2öê | Í ·ë ¶ë µ2ä &#8249;ð¬< t » ´Íëòôëý+Éädë $àø$ÃInvalid partition table Error loading operating system Missing operating system c{&#353;#«A  Þþ?? Gx &#8364; þÿÿ&#8224;x LÖÀ ÁÿÛþÿÿÒNÂ§ X Uª


----------



## A19 JFO (Nov 24, 2008)

Not sure that this went as it should, as I didn't get to download it as administrator, as somehow it started to download the Avast Database on it's own! I think after that it went almost right.


----------



## A19 JFO (Nov 24, 2008)

Don't know what that secong log was.


----------



## Cookiegal (Aug 27, 2003)

A19 JFO said:


> Not sure that this went as it should, as I didn't get to download it as administrator, as somehow it started to download the Avast Database on it's own! I think after that it went almost right.


Yes, it has to download the Avast definitions, which it did and the log was fine.


----------



## Cookiegal (Aug 27, 2003)

A19 JFO said:


> 3ÀÐ¼ |ÀØ¾ |¿ ¹ üó¤PhËû¹ ½¾~ |ÅâñÍV UÆFÆF ´A»ªUÍ]rûUªu ÷Á tþFf`~ t&fh fÿvh h |h h ´BV ôÍÄë¸» |V vNnÍfasþNu~  ²ëU2äV Í]ë>þ}Uªunÿv è uú°Ñædè °ßæ`è| °ÿædèu û¸ »Íf#Àu;fûTCPAu2ùr,fh» fh  fh fSfSfUfh fh | fah ÍZ2öê | Í ·ë ¶ë µ2ä ð¬< t » ´Íëòôëý+Éädë $àø$ÃInvalid partition table Error loading operating system Missing operating system c{#«A  Þþ?? Gx  þÿÿx LÖÀ ÁÿÛþÿÿÒNÂ§ X Uª


What created this?


----------



## A19 JFO (Nov 24, 2008)

That was with aswMBR, it was in NotePad???????


----------



## A19 JFO (Nov 24, 2008)

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK


----------



## A19 JFO (Nov 24, 2008)

Surely that can't be right, looks too small.


----------



## Cookiegal (Aug 27, 2003)

A19 JFO said:


> That was with aswMBR, it was in NotePad???????


OK, that was from the contents of the mbr.dat file which is not intended to be read or posted.


----------



## Cookiegal (Aug 27, 2003)

A19 JFO said:


> Surely that can't be right, looks too small.


Indeed. Please try running the scan again and posting the correct log.


----------



## A19 JFO (Nov 24, 2008)

When I opened the program in "Program Files", there was only one log listed, "log",no ".txt" - it said it was a text file so I thought it was the one you wanted.


----------



## A19 JFO (Nov 24, 2008)

I'm running the scan again to see if there's anything different, and of course, because you wanted me to!


----------



## Cookiegal (Aug 27, 2003)

OK, thanks.


----------



## A19 JFO (Nov 24, 2008)

Sorry, can't find the log.txt, but there were no threats found.


----------



## Cookiegal (Aug 27, 2003)

As long as there were no threats found, that's the main thing.

Are there any problems remaining with the computer?


----------



## A19 JFO (Nov 24, 2008)

No, thanks to you it all seems to be running "like a computer". Thank you very, very much! Who clicks the "Mark Solved" button?


----------



## Cookiegal (Aug 27, 2003)

You do, please. 

You're quite welcome.


----------



## A19 JFO (Nov 24, 2008)

Thank you! Done.


----------



## Cookiegal (Aug 27, 2003)

It's my pleasure.


----------

