# Is Google Hacking My Computer?



## James321 (Apr 10, 2013)

Every single time I log onto the Internet my computer becomes exceptionally busy such that I can hardly do anything, everything grinds to a virtual halt. This can last for anything up to half an hour. I get a warning message that appears on the screen explaining that my computer is busy because of "High Disk usage by Google Chrome".

But why should Google Chrome be accessing my disk without my prior permission? Is this a case of PRISM at work?

What should I do?


----------



## valis (Sep 24, 2004)

uh, no, it's not prism......

are you getting the same deal with FF and IE?


----------



## Infti (Mar 5, 2013)

"uh, no, it's not prism......"

Does the "uh" mean you're not sure?


----------



## valis (Sep 24, 2004)

no, it means that prism isn't going to be affecting the general populace.


----------



## Infti (Mar 5, 2013)

It appears to me that "no, it's not prism" means that "prism isn't going to be affecting the general populace".

"uh" certainly does not mean that (or anything else as far as I can tell, except that you're not sure of what you're saying (or want to seem "presidential", like Jay Carney)).

You probably won't revise your opinion, but it is widely known that prism does and will continue to affect the general populace.

See http://en.wikipedia.org/wiki/PRISM_(surveillance_program)


----------



## valis (Sep 24, 2004)

no, I won't....in that whatever is causing his computer to slow down, it's not Prism.


----------



## Infti (Mar 5, 2013)

There are ways to affect the general populace other than slowing down computers and Prism does affect the general populace in some of those ways. In some cases, very significantly.


----------



## buffoon (Jul 16, 2008)

None of this relates to the question whether the same slow down (busy state) happens with either FF or IE as well. Might pay to get some feedback on that one first.


----------



## valis (Sep 24, 2004)

yup.


----------



## James321 (Apr 10, 2013)

The heavy workload on my computer happens as soon as I log on even before I attempt to load up the homepage.

What I can't understand is why Google Chrome should apparently require to open up files on my disk?

How does this work?


----------



## buffoon (Jul 16, 2008)

Has this happened before with Chrome installed? Or, better said, has it been happening since chrome was installed?


----------



## James321 (Apr 10, 2013)

I don't recall this happening before Google Chrome was installed.


----------



## buffoon (Jul 16, 2008)

In its default installation chrome eats up lots of CPU and RAM by background "runners" that don't need it to be even opened.

For instance it runs a very hungry phishing and malware protection that you don't really need if you have it on your PC anyway

So if your PC is really already protected here, you might want to disable that feature in chrome and then try the speed.

Depending on chrome model (I don't use it so don't have one) this should be under the wrench button – settings – advanced settings – uncheck the enable phishing and malware protection.


----------



## valis (Sep 24, 2004)

and that is the primary reason I stick with FF.....very customizable, and generally does exactly what you tell it to.


----------



## buffoon (Jul 16, 2008)

same here


----------



## James321 (Apr 10, 2013)

Thanks. I'll certainly try that and report back how it goes.


----------



## James321 (Apr 10, 2013)

buffoon said:


> In its default installation chrome eats up lots of CPU and RAM by background "runners" that don't need it to be even opened.
> 
> For instance it runs a very hungry phishing and malware protection that you don't really need if you have it on your PC anyway
> 
> ...


I tried what you suggested and disabled Google's phishing and malware protection but it hasn't made any difference at all.

Ordinarily I use Norton 360 for general security and it is this package that produces the message about Google Chrome accessing my disk.


----------



## buffoon (Jul 16, 2008)

In that case you want to find what else is causing the high CPU usage thru chrome.

open the task manager (ctrl+Alt+Del) and go to "processes" and look at anything that runs at above 20,000 K and see whether and how it could be related to chrome. 

Your installation of google chrome is clearly causing something(s) to begin background-running at start up, so you need to define which ones you don't really need for current work and highlight them and then click "end process". 

Though not for chrome.exe, of course but see what that is actually using.

FYR all sorts of apps and extensions get installed by default at first installation and chrome may well have to be customized to fit your needs. Something like flashplayer or flash shield eats up a lot but is not really needed until actually used.

Also, come to think of it, check system idle under "processes"

Basically an elimination process to find out what process ending raises your speed again. You can always restart the process(es).


----------



## James321 (Apr 10, 2013)

I'll certainly give that a go and report back. Thanks.


----------



## buffoon (Jul 16, 2008)

One more thing:

there's been past history of chrome and norton not agreeing with each other at all. Some blamed chrome and some blamed norton as the culprit but it was a moot game and the problem only occurred when the two "married".

No idea whether updates have meanwhile resolved the issue, seeing how I have neither. Tried chrome some time ago and chucked it as too maintenance heavy, finding Firefox far better.

But that's a matter of personal taste which of course differs from one person to the next.


----------



## lunarlander (Sep 22, 2007)

> and chucked it as too maintenance heavy


May I ask what maintenance were you doing on Chrome ? I am currently using Chrome and am just leaving it to be itself.


----------



## buffoon (Jul 16, 2008)

lunarlander said:


> May I ask what maintenance were you doing on Chrome ? I am currently using Chrome and am just leaving it to be itself.


I had similar problems as described here, 'cept they occurred only when I opened chrome (not before even that, as occurring here).

I'd downloaded it just to try it out, not because I was dissatisfied with the browser I was already using. Any case I disabled loads of the default settings and things worked ok, just wasn't convinced of the merits. All of this was some time ago, though.

Can't condemn it in a general sense, friends of mine swear by it as being the best browser ever. Some needed to tweak it, with others it ran just fine from the getgo.


----------



## James321 (Apr 10, 2013)

I've now checked what's going on with the Task Manager.

There are no processes running longer than 20,000K other than chrome.exe. 

There were 65 processes running of which only 27 were detailed on the screen. The CPU usage (just after logging onto the Net) varied from 7% to 70%. And the physical memory usage varied from 85% to 93%.

The RAM on my computer is a little on the modest size at 1.00 GB but then again on my old computer the entire C:/ drive was only 4.00 GB!


----------



## James321 (Apr 10, 2013)

> One more thing:
> 
> there's been past history of chrome and norton not agreeing with each other at all. Some blamed chrome and some blamed norton as the culprit but it was a moot game and the problem only occurred when the two "married".
> 
> ...


I can understand Norton and Google perhaps not agreeing to begin with but on the whole Norton is pretty good. Compatibility issues are a problem across the board anyway.

But why should Norton be saying that Google is opening files on my disk? Is Norton wrong here?


----------



## buffoon (Jul 16, 2008)

Can't speak from personal experience since my reluctance wrt chrome didn't involve Norton. Also the high CPU usage occurred when opening chrome, not before. Til I gave it a haircut at the time.

I've only heard (heard, mind you) of cases where Norton would access files again and again, like in a repetitive loop, when working in combination with an installed chrome. By accessing chrome's registry in this manner.

Appears that Norton would translate this as chrome gobbling everything up, something not totally untrue.

None of which makes Norton bad, nor chrome for that matter.

You could try ending its process temporarily. It should be something like "ccSvcHst.exe".


----------



## buffoon (Jul 16, 2008)

James321 said:


> I've now checked what's going on with the Task Manager.
> 
> There are no processes running longer than 20,000K other than chrome.exe.
> 
> ...


How high is chrome usage shown actually?


----------



## James321 (Apr 10, 2013)

It varied but at max I saw 42,000K on one of its files. In total around 0.2 MB for the whole thing. Not that demanding for the capacity of the computer I would have thought.


----------



## buffoon (Jul 16, 2008)

would you mind running this and paste the result in your next post, so one can see what specs your system shows?


----------



## James321 (Apr 10, 2013)

buffoon said:


> would you mind running this and paste the result in your next post, so one can see what specs your system shows?


My security software won't allow me to run the file. Sorry.


----------



## Cookiegal (Aug 27, 2003)

It's just a small utility to give some information about your computer. If Norton (if that's what you mean by security software) is giving you a warning alert you should be able to elect to allow the download.


----------



## James321 (Apr 10, 2013)

buffoon said:


> would you mind running this and paste the result in your next post, so one can see what specs your system shows?


I'm not sure what specifications you're after.

My computer can easily cope with Google Chrome as far as RAM and CPU speed is concerned. It shouldn't be a problem.

One thing I've noted is that the physical memory of 87% refers to how much space I have used on my hard drive, it doesn't seem to refer to RAM. So when the physical memory was fluctuating the other day between 85% and 93% it would suggest that files were being moved around. What do you think?

One thing I've noted is that of my 141 GB physical memory (of which I only have 18.9 GB free) I can only account for 36 GB usage as far as all my personal files and documents are concerned. I can't understand therefore what is eating up my physical memory even taking into account Backup.

Do you think this might be suspicious?


----------



## valis (Sep 24, 2004)

James, the tool we are asking you to run will give us valuable insight as to the hardware and other specs of your rig.....without that, it's making it very difficult to continue.

Can you please run the tool and post the results?

thanks, 

v


----------



## James321 (Apr 10, 2013)

valis said:


> James, the tool we are asking you to run will give us valuable insight as to the hardware and other specs of your rig.....without that, it's making it very difficult to continue.
> 
> Can you please run the tool and post the results?
> 
> ...


I don't know how this helps but here it is:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista Home Premium, Service Pack 2, 32 bit
Processor: Genuine Intel(R) CPU 2140 @ 1.60GHz, x64 Family 6 Model 15 Stepping 2
Processor Count: 2
RAM: 1014 Mb
Graphics Card: Intel(R) 82945G Express Chipset Family, 256 Mb
Hard Drives: C: Total - 144796 MB, Free - 19641 MB; D: Total - 7828 MB, Free - 1028 MB;
Motherboard: Foxconn, Lucknow
Antivirus: Norton 360, Updated and Enabled


----------



## buffoon (Jul 16, 2008)

James321 said:


> My computer can easily cope with Google Chrome as far as RAM and CPU speed is concerned. It shouldn't be a problem


Now that you've posted the system spec it seems quite apparent that it can NOT cope with Chrome. Also, Vista is known as being the most inefficient Windows system in use of RAM. 


> One thing I've noted is that the physical memory of 87% refers to how much space I have used on my hard drive, it doesn't seem to refer to RAM. So when the physical memory was fluctuating the other day between 85% and 93% it would suggest that files were being moved around. What do you think?


Correct me if I'm wrong, that sounds to me as if you're equating physical memory with hard drive space. If so, that is not correct.



> One thing I've noted is that of my 141 GB physical memory (of which I only have 18.9 GB free) I can only account for 36 GB usage as far as all my personal files and documents are concerned. I can't understand therefore what is eating up my physical memory even taking into account Backup.


see above.


> Do you think this might be suspicious?


I advise to rid yourself of the notion of skullduggery going on here, PRISM or any other.

Having read your specs made me remember that the problems I encountered (briefly and experimentally only) with Chrome were not on what I'm currently using but on an older rig that's still in use, albeit mainly offline (I do word processing, printing and Excel accounting calculations on it, all of which not earmarked for sending to anyone). And that has RAM like yours. It also still runs XP since I never, there or elsewhere, would have touched Vista with a barnpole.

Lastly NORTON is the totally wrong AV for your system with just that 1 GB of RAM and just one of the more recent updates can have caused it to exemplify the problem (the combination of inefficient Vista RAM use, resource hungry Chrome and, in that constellation, "over-zealous" NORTON).

Putting body work, power brakes, power steering and all the other equipment of a Porsche onto a VW beetle still doesn't make that a Porsche. But it makes the beetle's life difficult as well since the engine will cringe, quite aside from the parts not performing all that well.

MS support of XP is scheduled to end next year (we'll see about that), so returning to XP is probably not sound advice. But if I wanted to hang on to your rig without upgrading it I'd certainly get rid of Chrome AND Norton and replace both with something more suitable. Personally I'd even go back "down" to XP since I've never held Vista to be an improvement on any rig, irrespective of its capacity.


----------



## James321 (Apr 10, 2013)

buffoon said:


> Lastly NORTON is the totally wrong AV for your system with just that 1 GB of RAM and just one of the more recent updates can have caused it to exemplify the problem (the combination of inefficient Vista RAM use, resource hungry Chrome and, in that constellation, "over-zealous" NORTON).
> 
> Putting body work, power brakes, power steering and all the other equipment of a Porsche onto a VW beetle still doesn't make that a Porsche. But it makes the beetle's life difficult as well since the engine will cringe, quite aside from the parts not performing all that well.


The following are the system requirements for Norton 360:

300 MHz for Microsoft Windows XP, 1 GHz for Microsoft Windows Vista/Microsoft Windows 7/Windows 8
256 MB of RAM
300 MB of available hard disk space

I think you will find my own system specs quoted above easily meet these requirements.

And you have still not answered the question as to why Norton is telling me that Google Chrome is accessing my disk.


----------



## buffoon (Jul 16, 2008)

I've explained how the combination of Vista (inefficient RAM use), Chrome (overly resource hungry for a system like yours) and Norton (least useful in combination with both the above two *and your system as such*) is not just potentially problematic.

Really nothing more I have to add except that Norton "infiltrates" everything. That's not a prob. when you have a fast runner (much faster than yours) when Norton "thinks" there's high usage. And with Chrome there is of course.

Frankly I'd dump Norton first of all, not because it's bad but because it's not good in this configuration.


----------



## James321 (Apr 10, 2013)

buffoon said:


> I've explained how the combination of Vista (inefficient RAM use), Chrome (overly resource hungry for a system like yours) and Norton (least useful in combination with both the above two *and your system as such*) is not just potentially problematic.
> 
> Really nothing more I have to add except that Norton "infiltrates" everything. That's not a prob. when you have a fast runner (much faster than yours) when Norton "thinks" there's high usage. And with Chrome there is of course.
> 
> Frankly I'd dump Norton first of all, not because it's bad but because it's not good in this configuration.


I can't believe 1.0 GB of RAM is being eaten up when I don't have any packages open apart from Chrome and Norton.

Chrome appears to take up less than 1 MB and Norton should be no more than 0.25 GB.

Where does it all go? Can you show me some maths?


----------



## valis (Sep 24, 2004)

bring up task manager (ctrl - shift - esc), processes tab > sort by memory. let us know what is chewing it up......


----------



## Cookiegal (Aug 27, 2003)

It could be Google updating on startup or running a scheduled task. Let's try this program to give us an idea of what may be going on. If you can run it during one of those spikes that might be even more helpful. But if it's too sluggish to run then wait until there is less of a load on the system to run it.

Please download DDS by sUBs to your desktop from the following location:

http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click the *dds.scr* file to run the program.

It will automatically run in silent mode and then you will see the following note:

*"Two logs shall be created on your Desktop".*

The logs will be named *dds.txt* and *attach.txt*.

Wait until the logs appear and then copy and paste their contents in your post.


----------



## James321 (Apr 10, 2013)

valis said:


> bring up task manager (ctrl - shift - esc), processes tab > sort by memory. let us know what is chewing it up......


None of the 68 processes are larger than 36,000 K.

The following will give you an idea of the physical memory usage on my computer at different times as shown in Task Manager. With Windows Vista booted up and Norton running and no other packages open the PM usage is 41%. Connected to the Net and with Google open the PM is 64%. Running a high demand webpage in the form of a YouTube video in HD the PM is 80%.

When I experience problems, i.e. for the first half hour after first connecting to the Net at the beginning of the day, the computer seems very busy with the CPU spiking at 80%. Also even though the PM is showing as say 88% used, the remaining memory is marked as Cached with zero or very little Free PM left. This, it would seem, is what slows the computer down when you attempt to use it.

However as I have detailed above, none of the 68 processes open in the PM are larger than 36,000 K. The first 27 on the list would seem to add up to around 150 MB with the remaining items being less than 116 K each, giving a grand total of 155 MB. This nowhere near fills 1.0 GB RAM.


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> Please download DDS by sUBs to your desktop from the following location:
> 
> http://download.bleepingcomputer.com/sUBs/dds.scr


Your link appeared to lead to an untitled blank page.


----------



## valis (Sep 24, 2004)

James321 said:


> Your link appeared to lead to an untitled blank page.


you should be prompted to save/run dds....


----------



## James321 (Apr 10, 2013)

valis said:


> you should be prompted to save/run dds....


Blank page every time.

Can I ask what does it mean when the apparently 'free' RAM on the Physical Memory is actually Cached?

Is it really free memory or is it already being used?

I've noticed now that most of the time unused memory is cached and that under 10 MB is actually detailed as Free.

For example Task Manager gives the following stats for Physical Memory (MB): Total 1014, Cached 367, Free 13 with 70% PM Used.
This implies that only 13 MB is actually free.


----------



## Cookiegal (Aug 27, 2003)

Try going to this link and clicking on the download button:

http://www.bleepingcomputer.com/download/dds/


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> Try going to this link and clicking on the download button:
> 
> http://www.bleepingcomputer.com/download/dds/


I'm not sure whether I caught the spike in time but here is the data:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.19443 BrowserJavaVersion: 10.25.2
Run by G Alexander at 12:02:31 on 2013-07-30
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.44.1033.18.1015.124 [GMT 1:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\ACFXAU32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarsrv.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k wdisvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/home?AF=18776
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Presario&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Presario&pf=desktop
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CescrtHlpr Object: {2EECD738-5844-4a99-B4B6-146BF802613B} - c:\program files\babylontoolbar\babylontoolbar\1.4.23.10\bh\BabylonToolbar.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.4.0.40\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.4.0.40\ips\IPSBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\CoIEPlg.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - c:\program files\babylontoolbar\babylontoolbar\1.4.23.10\BabylonToolbarTlbr.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\CoIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\g alexander\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [CnxtCoInstallerDefer] c:\program files\conexant\setup4a940181248\setup\SETUP.EXE -REBOOTED_FROM_NO_ENUM_INSTALL -S
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [BabylonToolbar] "c:\program files\babylontoolbar\babylontoolbar\1.4.23.10\BabylonToolbarsrv.exe" /md I
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BC5C66C2-0B0F-468F-B4E7-7AE04A5E55C6} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1404000.028\SymDS.sys [2013-7-26 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1404000.028\SymEFA.sys [2013-7-26 934488]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.4.0.40\definitions\bashdefs\20130715.001\BHDrvx86.sys [2013-7-26 1002072]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1404000.028\ccSetx86.sys [2013-7-26 134744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.4.0.40\definitions\ipsdefs\20130727.001\IDSvix86.sys [2013-7-30 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1404000.028\Ironx86.sys [2013-7-26 175264]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1404000.028\symtdiv.sys [2013-7-26 352344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
S3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [2007-9-21 86656]
S3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [2007-9-21 28800]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 12:05:00.34 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 21/09/2007 21:16:14
System Uptime: 30/07/2013 11:10:13 (1 hours ago)
.
Motherboard: Foxconn | | Lucknow
Processor: Genuine Intel(R) CPU 2140 @ 1.60GHz | CPU 1 | 1200/64511mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 141 GiB total, 22.053 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.004 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
AAC Decoder
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5
Amazon MP3 Downloader 1.0.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Babylon toolbar on IE
Bonjour
BT Broadband Desktop Help
BT Broadband Talk Softphone 2.0
BT Wireless Connection Manager
BTTotalBroadband220V
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
ESP Test 3.0
GearDrvs
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Decoder
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP OrderReminder
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Update
HPSSupply
iCloud
Intel(R) Graphics Media Accelerator Driver
iTunes
Java 7 Update 25
Java Auto Updater
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LaserJet 1018
LightScribe 1.4.142.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MKV Splitter
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
NetWaiting
Norton 360
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
Philips Songbird
PSSWCORE
Python 2.4.3
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
Shop for HP Supplies
Skype 2.5
Spelling Dictionaries Support For Adobe Reader 9
Symantec Technical Support Web Controls
Ulead Photo Explorer 8.0 SE Basic
Ulead Photo Express 5 SE
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB Modem
V5385 Digital Camera Driver
VC80CRTRedist - 8.0.50727.4053
Windows Media Player Firefox Plugin
WYSIWYG Web Builder 5.5 
Xvid 1.1.3 final uninstall
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== End Of File ===========================


----------



## James321 (Apr 10, 2013)

Can I repeat what I noted in my above post: 

In Task Manager none of the 68 processes open in the Physical Memory are larger than 36,000 K. The first 27 on the list would seem to add up to around 150 MB with the remaining items being less than 116 K each, giving a grand total of 155 MB. This nowhere near fills 1.0 GB RAM.

So why does the TM tell me the PM is up to 70 - 80% used?


----------



## Cookiegal (Aug 27, 2003)

Can you post a screenshot of your Task Manager Performance Tab?

There are many applications running at startup that don't need to be and there is some nuisance malware. So far I see nothing more serious.

Please uninstall this toolbar via Start - Control Panel - Programs - Programs and Features.

Babylon toolbar on IE

Also uninstall these older versions of Java

Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7

Please download AdwCleaner from here to your desktop

Run AdwCleaner and select "Search" (do not select "Delete" at this time)

Once the scan is finished a log will be produced. Please copy and paste the log into your next reply.


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> Can you post a screenshot of your Task Manager Performance Tab?
> 
> There are many applications running at startup that don't need to be and there is some nuisance malware. So far I see nothing more serious.
> 
> ...


Thanks for your help. However I had a problem pasting the Screenshot of Task Manager Performance into this message box. How do you do this?

The Babylon and Java software has been removed.

I ran AdwCleaner but again I don't know how to copy and paste the log into this message box. The only significant thing AdwCleaner found was 611 errors in the Registry which is not confirmed by Norton (my own package) which has its own registry cleaner.

Again can I ask the following question: In Task Manager none of the 68 processes open in the Physical Memory are larger than 36,000 K. The first 27 on the list would seem to add up to around 150 MB with the remaining items being less than 116 K each, giving a grand total of 155 MB. This nowhere near fills 1.0 GB RAM.

So why does the TM tell me the PM is up to 70 - 80% used?


----------



## Cookiegal (Aug 27, 2003)

There are different types of memory and that's why I wanted to see a screenshot of your Task Manager.

Once you press Prt Screen key on your keyboard you can open Paint and right-click and then select "paste" and the text should appear. Then save it on your hard drive and upload the image as an attachment.


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> There are different types of memory and that's why I wanted to see a screenshot of your Task Manager.
> 
> Once you press Prt Screen key on your keyboard you can open Paint and right-click and then select "paste" and the text should appear. Then save it on your hard drive and upload the image as an attachment.


Here is the Screen Shot.


----------



## valis (Sep 24, 2004)

something is goofy there......need to add more ram for starters, but let's wait until Cookiegal clears you.....


----------



## Cookiegal (Aug 27, 2003)

I'm not a hardware expert but I don't think you can just add up the processes running in the Task Manager to get the total amount of physical memory being used. I think you just have too many processes running and too little RAM to support the system.

Are you able to copy and paste that AdwCleaner report now?

BTW, you shouldn't use the registry cleaner function of any program, including Norton. They often remove registry entries that are needed and that can cause serious problems.


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> I'm not a hardware expert but I don't think you can just add up the processes running in the Task Manager to get the total amount of physical memory being used. I think you just have too many processes running and too little RAM to support the system.


This isn't really a hardware issue, this is software. Before the computer boots up the RAM is empty. Only processes that are running and open are contained on the RAM. For instance if you open a package up like the AdwCleaner it is listed in TM as a process. Therefore all listed processes on the RAM should fully account for the volume of memory used in the RAM.



> Are you able to copy and paste that AdwCleaner report now?


Sorry but how do you copy and paste this quite long report that scrolls down inside a window?



> BTW, you shouldn't use the registry cleaner function of any program, including Norton. They often remove registry entries that are needed and that can cause serious problems.


Too late.


----------



## James321 (Apr 10, 2013)

valis said:


> something is goofy there......need to add more ram for starters, but let's wait until Cookiegal clears you.....


I am being told that Google Chrome uses a lot of RAM but looking on the Net for the required specifications for using Chrome all I can find is that it uses 766.48 K which, if I am not mistaken, is less than 1.0 MB.

http://download.cnet.com/Google-Chrome/3010-2356_4-10881381.html

This is hardly anything.

How much RAM does Chrome really use and can you point to a website which actually details this information?


----------



## valis (Sep 24, 2004)

there are tons of other apps chewing up ram as well......again, let's wait for Cookiegal to clear the OS, then we can talk hardware. Another gig of ram in there certainly wouldn't hurt.


----------



## Cookiegal (Aug 27, 2003)

James321 said:


> I am being told that Google Chrome uses a lot of RAM but looking on the Net for the required specifications for using Chrome all I can find is that it uses 766.48 K which, if I am not mistaken, is less than 1.0 MB.
> 
> http://download.cnet.com/Google-Chrome/3010-2356_4-10881381.html
> 
> ...


The page you're linking to is only telling you the size of the download file in order to set up Chrome. This link tells you the minimum requirements to have Chrome running (128 MB of RAM) but how much it uses will depend on how many pages, tabs etc. you have open at any given time and will constantly fluctuate.

https://support.google.com/chrome/answer/95411?hl=en


----------



## Cookiegal (Aug 27, 2003)

James321 said:


> This isn't really a hardware issue, this is software.


RAM is hardware so discussions on how RAM works are considered hardware issues.


> Only processes that are running and open are contained on the RAM. For instance if you open a package up like the AdwCleaner it is listed in TM as a process. Therefore all listed processes on the RAM should fully account for the volume of memory used in the RAM.


I checked with a colleague who knows a great deal about hardware to be sure what I wanted to post was correct. The Operating System itself uses RAM and the video card can use the RAM in addition to its own as well. The amount of RAM in use by the system will fluctuate and not everything is listed in the Task Manager running processes so adding those up will not equal the total amount of RAM being used. 


> Sorry but how do you copy and paste this quite long report that scrolls down inside a window?


I'm not sure what you mean by that. Doesn't the report open up in Notepad?


----------



## Cookiegal (Aug 27, 2003)

I'm also being told that the OS uses what's called a swap file as well as RAM for processes, etc. so that alone would prevent being able to add up the processes to determine the amount of RAM being used.


----------



## James321 (Apr 10, 2013)

valis said:


> there are tons of other apps chewing up ram as well......again, let's wait for Cookiegal to clear the OS, then we can talk hardware. Another gig of ram in there certainly wouldn't hurt.


68 to be precise.


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> The page you're linking to is only telling you the size of the download file in order to set up Chrome. This link tells you the minimum requirements to have Chrome running (128 MB of RAM) but how much it uses will depend on how many pages, tabs etc. you have open at any given time and will constantly fluctuate.
> 
> https://support.google.com/chrome/answer/95411?hl=en


128 MB RAM is only a recommended amount for optimal performance and could well allow for having a number of webpages open at the same time. What I want to know is how much RAM does the Google Chrome homepage use on its own. I bet you it isn't a lot.


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> I'm not sure what you mean by that. Doesn't the report open up in Notepad?


I couldn't see any obvious way of opening the report in Notepad.

Again the Reimage software did not find any viruses or malware. The worst it found was 611 errors in the registry (not confirmed by Norton).


----------



## James321 (Apr 10, 2013)

Sorry, I can see what has happened now. Following your link I downloaded a different piece of software from the same page.

Here is the completed log from AdwCleaner. Two things I note on it: first, the Babylon toolbar still seems to be there even though I had previously removed it according to your instructions, and at the bottom of the page is the Ask.com search engine, which appears to have grafted itself onto Google Chrome and is causing a nuisance. How do I get rid of this? Resetting the homepage doesn't seem to work:

# AdwCleaner v2.306 - Logfile created 08/02/2013 at 11:09:36
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : G Alexander - MYHOME-PC
# Boot Mode : Normal
# Running from : C:\Users\G Alexander\Downloads\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files\Babylon
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\G Alexander\AppData\LocalLow\BabylonToolbar

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19443

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/home?AF=18776

-\\ Google Chrome v28.0.1500.95

File : C:\Users\G Alexander\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.48] : icon_url = "hxxp://www.ask.com/favicon.ico",
Found [l.55] : search_url = "hxxp://uk.ask.com/web?q={searchTerms}&o=15527&l=dis&prt=360&chn=retail&geo=GB&ver=6&gct=sb&qsrc=2869",

*************************

AdwCleaner[R1].txt - [6674 octets] - [02/08/2013 11:09:36]

########## EOF - C:\AdwCleaner[R1].txt - [6734 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

I find that when they give those numbers they are always very conservative. Optimal is in the eye of the beholder. 

The amount of RAM used by your homepage will depend on what your homepage is set to. If it's just the Google search engine page that will use less than a web site like TSG that has more information on it and it will fluctuate as well. 

Anyway, the fact remains that the minimum requirement for Vista Home Premium is 1GB of RAM and you're running this system on the minimum. That will just not give optimal performance.

But back to the task at hand. You should notice an improvement when we finish cleaning up.

Please run AdwCleaner again and this time select the "delete" option and post the resulting log.


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> I find that when they give those numbers they are always very conservative. Optimal is in the eye of the beholder.
> 
> The amount of RAM used by your homepage will depend on what your homepage is set to. If it's just the Google search engine page that will use less than a web site like TSG that has more information on it and it will fluctuate as well.
> 
> ...


Sorry for the delay, I was away over the weekend.

The following is the resultant log of deleted registry entries and folders:

# AdwCleaner v2.306 - Logfile created 08/04/2013 at 20:06:31
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : G Alexander - MYHOME-PC
# Boot Mode : Normal
# Running from : C:\Users\G Alexander\Downloads\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\G Alexander\AppData\LocalLow\BabylonToolbar

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19443

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/home?AF=18776 --> hxxp://www.google.com

-\\ Google Chrome v28.0.1500.95

File : C:\Users\G Alexander\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.48] : icon_url = "hxxp://www.ask.com/favicon.ico",
Deleted [l.55] : search_url = "hxxp://uk.ask.com/web?q={searchTerms}&o=15527&l=dis&prt=360&chn[...]

*************************

AdwCleaner[R1].txt - [6803 octets] - [02/08/2013 11:09:36]
AdwCleaner[S1].txt - [6535 octets] - [04/08/2013 20:06:31]

########## EOF - C:\AdwCleaner[S1].txt - [6595 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

Please download GMER from: http://www.gmer.net

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked* on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan* button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> Please download GMER from: http://www.gmer.net
> 
> Click on the "Download EXE" button and save the randomly named .exe file to your desktop.
> 
> ...


GMER has failed on my computer after three attempts at running.

The program stopped working on the following activity \Device\HarddiskVolumeShadowCopy1


----------



## Cookiegal (Aug 27, 2003)

OK, let's use this one instead:


Please download *RogueKiller* by Tigzy and save it to your desktop.
Allow the download if prompted by your security software and please close all your other browser windows.
Double-click *RogueKiller.exe* to run it.
If it does not run, please try a few times. If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com
Wait for *PreScan* to finish, then accept the EULA.
Click on the *Scan* button in the upper right. Wait for it to finish.
Once completed, a log called *RKreport[1].txt* will be created on the desktop. It can also be accessed via the *Report* button.
Please copy and paste the contents of that log in your next reply.
When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click *Yes*.


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> OK, let's use this one instead:
> 
> 
> Please download *RogueKiller* by Tigzy and save it to your desktop.
> ...


RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : G Alexander [Admin rights]
Mode : Scan -- Date : 08/05/2013 17:41:27
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\G Alexander\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-4238356135-1069967474-2706294926-1000\[...]\Run : Google Update ("C:\Users\G Alexander\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 6 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-4238356135-1069967474-2706294926-1000UA.job : C:\Users\G Alexander\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-4238356135-1069967474-2706294926-1000Core.job : C:\Users\G Alexander\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-4238356135-1069967474-2706294926-1000 : C:\Users\G Alexander\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-4238356135-1069967474-2706294926-1000Core : C:\Users\G Alexander\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-4238356135-1069967474-2706294926-1000UA : C:\Users\G Alexander\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V2][SUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\GALEXA~1\AppData\Local\Temp\IHUAC6D.tmp.exe [x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[13] : NtAlertResumeThread @ 0x81ED97FF -> HOOKED (Unknown @ 0x855E8B70)
[Address] SSDT[14] : NtAlertThread @ 0x81E52357 -> HOOKED (Unknown @ 0x855E8C50)
[Address] SSDT[18] : NtAllocateVirtualMemory @ 0x81E8E6AD -> HOOKED (Unknown @ 0x855E9D68)
[Address] SSDT[21] : NtAlpcConnectPort @ 0x81E3089D -> HOOKED (Unknown @ 0x85518B80)
[Address] SSDT[42] : NtAssignProcessToJobObject @ 0x81E03B2E -> HOOKED (Unknown @ 0x855E8318)
[Address] SSDT[67] : NtCreateMutant @ 0x81E669A3 -> HOOKED (Unknown @ 0x855E88C0)
[Address] SSDT[77] : NtCreateSymbolicLinkObject @ 0x81E06345 -> HOOKED (Unknown @ 0x855D6008)
[Address] SSDT[78] : NtCreateThread @ 0x81ED7E14 -> HOOKED (Unknown @ 0x855FEB00)
[Address] SSDT[116] : NtDebugActiveProcess @ 0x81EAAF04 -> HOOKED (Unknown @ 0x855E83F8)
[Address] SSDT[129] : NtDuplicateObject @ 0x81E3E581 -> HOOKED (Unknown @ 0x855E9F38)
[Address] SSDT[147] : NtFreeVirtualMemory @ 0x81CCAE15 -> HOOKED (Unknown @ 0x855E9B20)
[Address] SSDT[156] : NtImpersonateAnonymousToken @ 0x81E00F3B -> HOOKED (Unknown @ 0x855E89B0)
[Address] SSDT[158] : NtImpersonateThread @ 0x81E16580 -> HOOKED (Unknown @ 0x855E8A90)
[Address] SSDT[165] : NtLoadDriver @ 0x81DB1E12 -> HOOKED (Unknown @ 0x85523B80)
[Address] SSDT[177] : NtMapViewOfSection @ 0x81E5699C -> HOOKED (Unknown @ 0x855E9A20)
[Address] SSDT[184] : NtOpenEvent @ 0x81E3FDFF -> HOOKED (Unknown @ 0x855E87E0)
[Address] SSDT[194] : NtOpenProcess @ 0x81E6713F -> HOOKED (Unknown @ 0x855FE9E8)
[Address] SSDT[195] : NtOpenProcessToken @ 0x81E47A60 -> HOOKED (Unknown @ 0x855E9E58)
[Address] SSDT[197] : NtOpenSection @ 0x81E57794 -> HOOKED (Unknown @ 0x855E8620)
[Address] SSDT[201] : NtOpenThread @ 0x81E6263B -> HOOKED (Unknown @ 0x855FE918)
[Address] SSDT[210] : NtProtectVirtualMemory @ 0x81E603F2 -> HOOKED (Unknown @ 0x855E8228)
[Address] SSDT[282] : NtResumeThread @ 0x81E61C5A -> HOOKED (Unknown @ 0x855E8D30)
[Address] SSDT[289] : NtSetContextThread @ 0x81ED92AB -> HOOKED (Unknown @ 0x855E8FD0)
[Address] SSDT[305] : NtSetInformationProcess @ 0x81E5A9EE -> HOOKED (Unknown @ 0x855E9850)
[Address] SSDT[317] : NtSetSystemInformation @ 0x81E2CF14 -> HOOKED (Unknown @ 0x855E84D8)
[Address] SSDT[330] : NtSuspendProcess @ 0x81ED973B -> HOOKED (Unknown @ 0x855E8700)
[Address] SSDT[331] : NtSuspendThread @ 0x81DE0943 -> HOOKED (Unknown @ 0x855E8E10)
[Address] SSDT[334] : NtTerminateProcess @ 0x81E37173 -> HOOKED (Unknown @ 0x855FEBE0)
[Address] SSDT[335] : unknown @ 0x81E62670 -> HOOKED (Unknown @ 0x855E8EF0)
[Address] SSDT[348] : NtUnmapViewOfSection @ 0x81E56C5F -> HOOKED (Unknown @ 0x855E9940)
[Address] SSDT[358] : NtWriteVirtualMemory @ 0x81E53A2F -> HOOKED (Unknown @ 0x855E9C10)
[Address] SSDT[382] : NtCreateThreadEx @ 0x81E62125 -> HOOKED (Unknown @ 0x855E8128)
[Address] Shadow SSDT[317] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x851E49B8)
[Address] Shadow SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8545A368)
[Address] Shadow SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x9B1E9B48)
[Address] Shadow SSDT[430] : NtUserGetKeyState -> HOOKED (Unknown @ 0x856522D8)
[Address] Shadow SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x9B1E9BC8)
[Address] Shadow SSDT[479] : NtUserMessageCall -> HOOKED (Unknown @ 0x85D8AC48)
[Address] Shadow SSDT[497] : NtUserPostMessage -> HOOKED (Unknown @ 0x85D8ADE8)
[Address] Shadow SSDT[498] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x85D8AD18)
[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x9AA261C8)
[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x9B1D5008)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD161HJ ATA Device +++++
--- User ---
[MBR] 8d3d8f98f019de26b7a669cb0b2fbc07
[BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 144796 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 296543835 | Size: 7828 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08052013_174127.txt >>


----------



## Cookiegal (Aug 27, 2003)

1. Download Malwarebytes Anti-Rootkit from this link: http://www.malwarebytes.org/products/mbar/

2. Unzip the file to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped and run *mbar.exe*

4. The following image opens, select Next.

5. The following image opens, select Update.

6. When the Update completes, select Next.

7. In the following window ensure "Targets" are ticked. Then select "Scan".

8. If an infection/s is found the *"Cleanup Button"* to remove threats will be available. A list of infected files will be listed like the following example:

9. *Do NOT* select the "Clean up Button"; select the "Exit" button. There will be a warning as follows:

10. Select "Yes" to close down the program. If NO infections were found you will see the following image:

11. Select "Exit" to close down.

12. Copy and paste the two following logs from the *mbar* folder:

*System - log*
*Mbar - log* Date and time of scan will also be shown

Post those two logs in your reply.


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> Download Malwarebytes Anti-Rootkit from this link
> 
> http://www.malwarebytes.org/products/mbar/
> 
> Post those two logs in your reply.


The computer seemed a lot less busy on logging onto the Net this morning. I'll keep an eye out and see how things progress.

No Malware was detected by Malwarebytes but here are the two logs:

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.08.06.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19443
G Alexander :: MYHOME-PC [administrator]

06/08/2013 10:17:11
mbar-log-2013-08-06 (10-17-11).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 218619
Time elapsed: 23 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 8.0.6001.19443

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 1063919616, free: 155787264

=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 8.0.6001.19443

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 1063919616, free: 177729536

Downloaded database version: v2013.08.06.01
Downloaded database version: v2013.07.29.01
Initializing...
------------ Kernel report ------------
08/06/2013 10:17:00
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff85442ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000067\
Lower Device Object: 0xffffffff854c6868
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff8543c6e0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000066\
Lower Device Object: 0xffffffff8549e868
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff8543c030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000065\
Lower Device Object: 0xffffffff854a1888
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8547cac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000064\
Lower Device Object: 0xffffffff854ab888
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff849440b8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xffffffff84337660
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff849440b8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84a47c50, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff849440b8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff84354918, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff84337660, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 296543772
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 296543835 Numsec = 16032870

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8547cac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff854ba8e8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8547cac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff854ab888, DeviceName: \Device\00000064\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8543c030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff854cc8e8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8543c030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff854a1888, DeviceName: \Device\00000065\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff8543c6e0, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff854998c8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8543c6e0, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8549e868, DeviceName: \Device\00000066\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff85442ac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff854cb8c8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85442ac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff854c6868, DeviceName: \Device\00000067\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished


----------



## Cookiegal (Aug 27, 2003)

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> Please download Junkware Removal Tool to your desktop.
> 
> Shut down your protection software now to avoid potential conflicts.
> Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
> ...


I take back what I said yesterday about my computer apparently speeding up upon first logging onto the Net. Unfortunately today it was as bad as it's ever been.

Here's the log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.4 (08.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by G Alexander on 07/08/2013 at 14:05:27.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uniblue registrybooster 2
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9B412084-4B46-4640-8405-389D770D7C2E}

~~~ Files

Successfully deleted [File] C:\Windows\Tasks\spmonitor.job
Successfully deleted [File] C:\Windows\system32\Tasks\IHUninstallTrackingTASK

~~~ Folders

Failed to delete: [Folder] "C:\Users\G Alexander\AppData\Roaming\uniblue\speedupmypc"
Successfully deleted: [Folder] "C:\Program Files\uniblue\speedupmypc"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/08/2013 at 14:10:04.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## Cookiegal (Aug 27, 2003)

Please download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> Please download *OTL* to your Desktop.
> 
> Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
> Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long.
> ...


OTL Extras logfile created on: 08/08/2013 17:07:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\G Alexander\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19443)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.63 Mb Total Physical Memory | 336.49 Mb Available Physical Memory | 33.16% Memory free
2.24 Gb Paging File | 1.25 Gb Available in Paging File | 55.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.40 Gb Total Space | 22.92 Gb Free Space | 16.21% Space Free | Partition Type: NTFS
Drive D: | 7.65 Gb Total Space | 1.00 Gb Free Space | 13.13% Space Free | Partition Type: NTFS

Computer Name: MYHOME-PC | User Name: G Alexander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F53DE0B-7666-455F-9284-4C7401FE06D8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2E8F7809-C543-41D3-B0BE-3B1A911AC3A6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{30833A53-806C-4090-AE55-FBA4A19D49FD}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe | 
"{441EF217-8906-4AEB-AB0B-C49BDEFF7469}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | 
"{4DF79B94-1A47-4862-923E-DB3985A70B54}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{71691FA9-D899-4B56-A491-3F815525191A}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | 
"{85CF22BB-F209-4BA7-BEF0-EE2527AD16AA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{ACCA7891-62E4-4094-BF21-0D01D878B438}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{BF940CE9-B2EF-4B2B-ACAD-8A43719C08DB}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{D7CCB283-1371-493D-B820-F4DAE4548B21}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{EDC705A4-BE7A-477F-81F5-E1528ACBAA36}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{FCCE6529-7EA4-4AF6-B8E4-D7D758F84052}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe | 
"TCP Query User{3AF5A808-FE77-4E5A-9F43-660A8D106C25}C:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe | 
"UDP Query User{E52E81F7-D069-4AC7-B1AC-29A060DDF2BB}C:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}" = Ulead Photo Express 5 SE
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{DDC63227-BA06-4855-B002-BDB49E9F677E}" = Symantec Technical Support Web Controls
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BT Broadband Talk Softphone Frontier_is1" = BT Broadband Talk Softphone 2.0
"BT Total Broadband 220V" = BTTotalBroadband220V
"BT Wireless Connection Manager" = BT Wireless Connection Manager
"CNXT_MODEM_USB_ACF" = USB Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Content Uploader" = DivX Content Uploader
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ESP Test 3.0" = ESP Test 3.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP OrderReminder" = HP OrderReminder
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"HP-LaserJet 1018" = LaserJet 1018
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"N360" = Norton 360
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Philips Songbird" = Philips Songbird
"RealPlayer 6.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"Skype_is1" = Skype 2.5
"V5385 Digital Camera Driver" = V5385 Digital Camera Driver
"WYSIWYG_Web_Builder_5" = WYSIWYG Web Builder 5.5 
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 08/08/2013 11:19:06 | Computer Name = MyHome-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12903014

Error - 08/08/2013 11:19:07 | Computer Name = MyHome-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 08/08/2013 11:19:07 | Computer Name = MyHome-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12904012

Error - 08/08/2013 11:19:07 | Computer Name = MyHome-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12904012

Error - 08/08/2013 11:19:08 | Computer Name = MyHome-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 08/08/2013 11:19:08 | Computer Name = MyHome-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12905042

Error - 08/08/2013 11:19:08 | Computer Name = MyHome-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12905042

Error - 08/08/2013 11:19:09 | Computer Name = MyHome-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 08/08/2013 11:19:09 | Computer Name = MyHome-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12906071

Error - 08/08/2013 11:19:09 | Computer Name = MyHome-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12906071

[ System Events ]
Error - 07/08/2013 11:13:53 | Computer Name = MyHome-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001C25037430 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 07/08/2013 17:45:36 | Computer Name = MyHome-PC | Source = DCOM | ID = 10010
Description =

Error - 08/08/2013 06:56:49 | Computer Name = MyHome-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001C25037430 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 08/08/2013 11:32:13 | Computer Name = MyHome-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001C25037430 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

< End of report >

OTL logfile created on: 08/08/2013 17:07:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\G Alexander\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19443)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.63 Mb Total Physical Memory | 336.49 Mb Available Physical Memory | 33.16% Memory free
2.24 Gb Paging File | 1.25 Gb Available in Paging File | 55.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.40 Gb Total Space | 22.92 Gb Free Space | 16.21% Space Free | Partition Type: NTFS
Drive D: | 7.65 Gb Total Space | 1.00 Gb Free Space | 13.13% Space Free | Partition Type: NTFS

Computer Name: MYHOME-PC | User Name: G Alexander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/08 17:03:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\G Alexander\Downloads\OTL.exe
PRC - [2013/05/21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/07/10 10:13:48 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\ACFXAU32.exe
PRC - [2007/02/15 11:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/09/28 14:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/01/30 17:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/27 22:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 22:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/30 15:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.4.0.40\wincfi39.dll

========== Services (SafeList) ==========

SRV - [2013/06/12 20:55:08 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/10 10:13:48 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\System32\drivers\ACFXAU32.exe -- (XAudioService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\GALEXA~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/07/30 11:14:47 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20130807.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/07/30 11:14:47 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20130807.022\NAVENG.SYS -- (NAVENG)
DRV - [2013/07/26 12:46:54 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/07/25 15:10:14 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20130807.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/05/23 06:25:28 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\SymEFA.sys -- (SymEFA)
DRV - [2013/05/21 06:02:00 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\SymDS.sys -- (SymDS)
DRV - [2013/05/21 05:41:34 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/16 06:02:14 | 000,603,224 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/04/25 01:43:56 | 000,352,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\symtdiv.sys -- (SYMTDIv)
DRV - [2013/04/22 19:03:05 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/04/16 03:41:14 | 000,134,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\ccSetx86.sys -- (ccSet_N360)
DRV - [2013/03/05 02:39:19 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\Ironx86.sys -- (SymIRON)
DRV - [2013/03/05 02:21:35 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2012/08/09 19:12:46 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/12/07 12:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/07 12:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/07/10 10:13:38 | 000,028,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ACFDCP32.sys -- (dgcfltr)
DRV - [2007/07/10 10:13:32 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ACFXAU32.sys -- (XAudio)
DRV - [2007/06/29 12:39:46 | 000,086,656 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ACFVA32.sys -- (acfva)
DRV - [2007/03/15 11:52:34 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ACFSDK32.sys -- (mdmxsdk)
DRV - [2007/01/15 23:28:20 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2003/10/15 09:07:38 | 000,012,288 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mtdv2ku2.sys -- (MTDVC2)
DRV - [2003/10/11 00:39:52 | 000,011,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mtdv2ks2.sys -- (MTDVC2_ENUM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{3C4FEA24-ECEB-40EC-988E-5804BE29627C}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3C4FEA24-ECEB-40EC-988E-5804BE29627C}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFFPlgn\ [2013/07/26 13:09:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ [2013/08/08 10:54:37 | 000,000,000 | ---D | M]

[2011/03/06 16:09:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\G Alexander\AppData\Roaming\Mozilla\Extensions
[2011/03/06 16:09:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\G Alexander\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Norton Safe Search (Enabled)
CHR - default_search_provider: search_url = http://uk.ask.com/web?q={searchTerms}&o=15527&l=dis&prt=360&chn=retail&geo=GB&ver=6&gct=sb&qsrc=2869
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\28.0.1500.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\G Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\G Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\G Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Protection = C:\Users\G Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Gmail = C:\Users\G Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,736 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [CnxtCoInstallerDefer] C:\Program Files\CONEXANT\SETUP4A940181248\SETUP\SETUP.EXE (Conexant Systems, Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC5C66C2-0B0F-468F-B4E7-7AE04A5E55C6}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\G Alexander\Pictures\Otemanu Peak, Bora Bora, French Polynesia.jpg
O24 - Desktop BackupWallPaper: C:\Users\G Alexander\Pictures\Otemanu Peak, Bora Bora, French Polynesia.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/07 16:20:29 | 000,000,000 | ---D | C] -- C:\Users\G Alexander\AppData\Roaming\SparkTrust
[2013/08/07 16:20:29 | 000,000,000 | ---D | C] -- C:\Users\G Alexander\AppData\Roaming\DriverCure
[2013/08/07 16:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SparkTrust
[2013/08/07 14:05:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/07 13:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2013/08/06 10:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/08/06 10:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/01 11:23:53 | 000,749,216 | ---- | C] (Reimage®) -- C:\TRANSLATE
[2013/07/30 17:12:20 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/07/30 17:12:20 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/07/30 17:12:20 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/07/26 13:07:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013/07/11 16:45:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/10 09:57:13 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/07/10 09:56:33 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/07/10 09:56:33 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/07/10 09:56:33 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/07/10 09:56:33 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/07/10 09:56:33 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/07/10 09:56:33 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/07/10 09:56:33 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/07/10 09:56:33 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/07/10 09:56:30 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/07/10 09:56:24 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/07/10 09:56:24 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/10 09:56:23 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013/07/10 09:56:22 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/07/10 09:56:22 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/07/10 09:56:22 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/07/10 09:56:22 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/10 09:56:22 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/07/10 09:56:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/07/10 09:56:22 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/07/10 09:56:21 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/10 09:56:21 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/07/10 09:56:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/07/10 09:56:21 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/07/10 09:56:21 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/07/10 09:56:21 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/07/10 09:56:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/10 09:56:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/07/10 09:56:18 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL

========== Files - Modified Within 30 Days ==========

[2013/08/08 17:04:36 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A332A088-FE5E-4AE9-A578-04045CD33C28}.job
[2013/08/08 16:53:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/08 16:43:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/08 16:19:21 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4238356135-1069967474-2706294926-1000UA.job
[2013/08/08 16:19:20 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/08 16:19:20 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/08 16:18:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/08 10:51:33 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/08 10:50:49 | 1064,689,664 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/07 22:15:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4238356135-1069967474-2706294926-1000Core.job
[2013/08/06 17:19:53 | 000,215,552 | ---- | M] () -- C:\Users\G Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/05 14:03:23 | 196,907,612 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/08/02 10:53:55 | 000,000,162 | ---- | M] () -- C:\Windows\Reimage.ini
[2013/08/01 11:27:57 | 000,002,078 | ---- | M] () -- C:\Users\G Alexander\Desktop\Google Chrome.lnk
[2013/08/01 11:23:56 | 000,749,216 | ---- | M] (Reimage®) -- C:\TRANSLATE
[2013/07/31 17:29:32 | 000,001,056 | ---- | M] () -- C:\Windows\System32\SettingsFile
[2013/07/31 09:09:08 | 000,376,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/26 13:07:33 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/07/26 13:07:03 | 002,608,897 | ---- | M] () -- C:\Windows\System32\drivers\N360\1404000.028\Cat.DB
[2013/07/26 13:06:03 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\N360\1404000.028\VT20130115.021
[2013/07/26 12:46:54 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013/07/26 12:46:54 | 000,007,611 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013/07/26 12:46:54 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013/07/17 15:41:02 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/17 15:41:02 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2013/07/31 17:29:32 | 000,001,056 | ---- | C] () -- C:\Windows\System32\SettingsFile
[2013/07/30 17:24:05 | 000,000,162 | ---- | C] () -- C:\Windows\Reimage.ini
[2011/05/19 18:25:34 | 000,001,940 | ---- | C] () -- C:\Users\G Alexander\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2008/08/20 13:25:01 | 000,027,404 | ---- | C] () -- C:\Users\G Alexander\AppData\Local\rx_audio.Cache
[2008/08/20 11:47:39 | 000,000,000 | ---- | C] () -- C:\Users\G Alexander\AppData\Local\rx_image.Cache
[2008/02/28 15:24:35 | 000,000,124 | ---- | C] () -- C:\Users\G Alexander\AppData\Roaming\wklnhst.dat
[2007/09/22 09:47:44 | 000,215,552 | ---- | C] () -- C:\Users\G Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:1CD23587

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Before I post a fix based on that log I'd like to check the contents of a couple of suspicious folders:

Please download *SystemLook* and save it to your Desktop.

Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:dir
C:\TRANSLATE /s
C:\Windows\System32\SettingsFile /s
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> Before I post a fix based on that log I'd like to check the contents of a couple of suspicious folders:
> 
> Please download *SystemLook* and save it to your Desktop.
> 
> ...


SystemLook 04.09.10 by jpshortstuff
Log created at 16:12 on 09/08/2013 by G Alexander
Administrator - Elevation successful

========== dir ==========

C:\TRANSLATE - Unable to find folder.

C:\Windows\System32\SettingsFile - Unable to find folder.

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Sorry but I see now those are files not folders so please run SystemLook again with the following script:


```
:filefind
*TRANSLATE*
*SettingsFile*
```


----------



## Cookiegal (Aug 27, 2003)

Also, do you use remote assistance? I ask because of this plugin in Chrome which can be legitimate but can also be exploited. Many people choose to disable it if they don't need it:

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> Also, do you use remote assistance? I ask because of this plugin in Chrome which can be legitimate but can also be exploited. Many people choose to disable it if they don't need it:
> 
> CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer


I don't know what this is so this can't be something I use.


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> Sorry but I see now those are files not folders so please run SystemLook again with the following script:
> 
> 
> ...


SystemLook 04.09.10 by jpshortstuff
Log created at 11:56 on 10/08/2013 by G Alexander
Administrator - Elevation successful

========== filefind ==========

Searching for "*TRANSLATE*"
C:\TRANSLATE	--a---- 749216 bytes	[10:23 01/08/2013]	[10:23 01/08/2013] 1D56F57EAC1E74D53A7C90C24E0FF49A
C:\Users\G Alexander\AppData\Local\Google\Toolbar Cache\7.5.4209.2358\en-GB\translate_element.js.content	--a---- 2333 bytes	[10:01 02/08/2013]	[10:01 02/08/2013] 4402B99D38DAD2A26340D8904864219B
C:\Users\G Alexander\AppData\Local\Google\Toolbar Cache\7.5.4209.2358\en-GB\translate_languages.json.content	--a---- 1469 bytes	[10:01 02/08/2013]	[10:01 02/08/2013] 8CB562F2FC3C6DC8285CAAAB2C163488
C:\Users\G Alexander\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt	--a---- 418 bytes	[18:27 03/11/2008]	[18:32 03/11/2008] C2B3B2D1B84A1899FB57F3E1F07FDBFB
C:\Users\G Alexander\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt	--a---- 389 bytes	[20:46 30/12/2007]	[20:14 01/02/2008] 15B33B40E99BD1744A6D1719B1DED48A

Searching for "*SettingsFile*"
C:\WINDOWS\System32\SettingsFile	--a---- 1056 bytes	[16:29 31/07/2013]	[16:29 31/07/2013] 11B7B0E9DE452F35AED52246C67896AA

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
CHR - default_search_provider: search_url = http://uk.ask.com/web?q={searchTerms}&o=15527&l=dis&prt=360&chn=retail&geo=GB&ver=6&gct=sb&qsrc=2869
O4 - HKLM..\Run: [] File not found
[2013/08/07 16:20:29 | 000,000,000 | ---D | C] -- C:\Users\G Alexander\AppData\Roaming\SparkTrust
[2013/08/07 16:20:29 | 000,000,000 | ---D | C] -- C:\Users\G Alexander\AppData\Roaming\DriverCure
[2013/08/07 16:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SparkTrust
[2013/08/07 13:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2013/08/01 11:23:53 | 000,749,216 | ---- | C] (Reimage®) -- C:\TRANSLATE
[2013/07/31 17:29:32 | 000,001,056 | ---- | C] () -- C:\Windows\System32\SettingsFile
[2013/07/30 17:24:05 | 000,000,162 | ---- | C] () -- C:\Windows\Reimage.ini
```

Then click the *Run Fix* button at the top
Let the program run unhindered. It should reboot when it is done but if it does not, please reboot your system.
Please post the log it produces in your next reply.


----------



## Cookiegal (Aug 27, 2003)

You can disable the plugin for Remoting Viewer in Google Chrome by entering *chrome://plugins* in the address bar and selecting the option to disable that particular plugin.


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> You can disable the plugin for Remoting Viewer in Google Chrome by entering *chrome://plugins* in the address bar and selecting the option to disable that particular plugin.


Have done this. Thanks.


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:
> 
> 
> ...


========== OTL ==========
Use Chrome's Settings page to remove the default_search_provider items.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\G Alexander\AppData\Roaming\SparkTrust\SparkTrust PC Cleaner Plus folder moved successfully.
C:\Users\G Alexander\AppData\Roaming\SparkTrust folder moved successfully.
C:\Users\G Alexander\AppData\Roaming\DriverCure folder moved successfully.
C:\ProgramData\SparkTrust\SparkTrust PC Cleaner Plus folder moved successfully.
C:\ProgramData\SparkTrust folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue folder moved successfully.
C:\TRANSLATE moved successfully.
C:\WINDOWS\System32\SettingsFile moved successfully.
C:\WINDOWS\Reimage.ini moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 08112013_120457


----------



## Cookiegal (Aug 27, 2003)

Your current default search engine is shown as ask.com. Is this by choice? I ask because it sometimes gets set through third party applications without your knowledge or consent. If that's what you want then it's fine but if not then I will give you instructions on how to change it.

Also, there are a couple of things set to run at startup that are taking up a lot of resources on your computer, so disabling them should make some improvement.

The first one is the HP order reminder. What it does is set specific times for reminders to check the current level of toner in the print cartridge. If you rely on that and don't want to disable it then leave it, but if you don't need it then please do the following:

Press Win + R simultaneously on your keyboard to open a Run box, then type in *msconfig* and hit Enter to open the System Configuration Utility. Then click on the Startup tab, scroll down the list of items there to the one related to the following entry and uncheck it, then click Apply and OK:

O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)

Also, the Yahoo Updater Service uses a lot of resources and it's recommended to disable it. If you want to do that, open the System Configuration Utility again but this time click on the Services tab. Locate the service related to:

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

Double-click the service to open it and then change the startup type from automatic to disabled then click Apply and OK.

Reboot the machine and let me know how things are now.


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> Your current default search engine is shown as ask.com. Is this by choice? I ask because it sometimes gets set through third party applications without your knowledge or consent. If that's what you want then it's fine but if not then I will give you instructions on how to change it.
> 
> Also, there are a couple of things set to run at startup that are taking up a lot of resources on your computer, so disabling them should make some improvement.
> 
> ...


Yes, I would like to remove the Ask.com as my default search engine. I've mentioned this before but it appears to have grafted itself onto the side of Google.com and I've tried to reset the homepage already but failed. I think with a Java Update one time it asked if I wanted to set my homepage to Ask.com and I forgot to uncheck the box.

The HP Order Reminder and the Yahoo Updater have both been disabled.

It suddenly occurred to me, the following changes with OTL won't adversely affect the workings of my computer in any way, will they?

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

C:\WINDOWS\System32\SettingsFile moved successfully.


----------



## Cookiegal (Aug 27, 2003)

James321 said:


> It suddenly occurred to me, the following changes with OTL won't adversely affect the workings of my computer in any way, will they?
> 
> Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
> 
> C:\WINDOWS\System32\SettingsFile moved successfully.


No they won't. The first one was not the run key that was deleted but rather only an empty value under the run key and the second was created by the Reimage software that you downloaded by mistake when you were asked to download AdwCleaner.

To change your default search engine, please click the icon of your current default search engine on the left side of the search toolbar.

Select the search engine that you want from the drop-down list and that will make it your default one.

Then click the icon of your default search engine again and this time, from the drop-down menu go to the bottom and select "Manage Search Engines" and delete *ask.com* from the list.

Have you seen any improvement in the computer?


----------
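The checks applied by eye to the OTL log in the posts above (a default search provider pointing at ask.com, the enabled Remoting Viewer plugin, the empty value under the Run key) can be written as a small triage script. This is an added example, not part of the thread and not OTL's own code; the function names, the expected-domain list and the sample lines are assumptions constructed from the log format shown in this thread.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the shape of the OTL lines quoted in this thread.
SAMPLE_LOG = r"""
CHR - default_search_provider: Norton Safe Search (Enabled)
CHR - default_search_provider: search_url = http://uk.ask.com/web?q={searchTerms}&o=15527
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
"""

SEARCH_URL = re.compile(r"^CHR - default_search_provider: search_url = (\S+)")
PLUGIN = re.compile(r"^CHR - plugin: (.+?) \((Enabled|Disabled)\) = ")
RUN = re.compile(r"^O4 - (\w+)\.\.\\(Run\w*): \[(.*?)\] (.*)$")


def host_matches(host, expected_domains):
    """True if host is one of the expected domains or a subdomain of one.

    Comparing on a dot boundary keeps 'notgoogle.com' from passing as 'google.com'.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in expected_domains)


def triage(log_text, expected_search_domains, review_plugins=("Remoting Viewer",)):
    """Return (kind, item, reason) tuples for log lines worth a second look.

    expected_search_domains: domains the user actually chose for search (assumption).
    review_plugins: plugin names to flag when enabled (assumption; the thread
    names Remoting Viewer as one many people disable if unused).
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = SEARCH_URL.match(line)
        if m:
            host = urlsplit(m.group(1)).hostname or ""
            if not host_matches(host, expected_search_domains):
                findings.append(("search_provider", host,
                                 "default search goes to a host the user did not choose"))
            continue

        m = PLUGIN.match(line)
        if m:
            name, state = m.group(1), m.group(2)
            if state == "Enabled" and name in review_plugins:
                findings.append(("plugin", name, "enabled; disable if not needed"))
            continue

        m = RUN.match(line)
        if m:
            hive, key, name, target = m.groups()
            item = f"{hive}\\{key} [{name}]"
            if name == "":
                # An empty value under the Run key, not the key itself.
                findings.append(("autorun", item, "empty value name"))
            elif target.endswith("File not found"):
                findings.append(("autorun", item, "target file not found"))
    return findings


if __name__ == "__main__":
    for kind, item, reason in triage(SAMPLE_LOG, {"google.com", "google.co.uk"}):
        print(f"{kind:16} {item:32} {reason}")
```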



## James321 (Apr 10, 2013)

Cookiegal said:


> No they won't. The first one was not the run key that was deleted but rather only an empty value under the run key and the second was created by the Reimage software that you downloaded by mistake when you were asked to download AdwCleaner.
> 
> To change your default search engine, please click the icon of your current default search engine on the left side of the search toolbar.
> 
> ...


In Windows Vista the icon on the left of the search toolbar gives you a list of permissions when you click on it. I couldn't see a list of search engines.

I have tried changing the homepage before but without success. The problem is that my homepage is set to Google Chrome but when you type in a search request on the Google Chrome homepage you get Ask.com search results every time. It is as if Ask.com is grafted onto the side of Google Chrome and it slows the browser down significantly.

Unfortunately my computer seemed just as busy on logging onto the Net this morning but perhaps not for quite as long as usual.


----------



## Cookiegal (Aug 27, 2003)

Try following these instructions to set the default search engine and to delete ask.com from the list.

https://support.google.com/chrome/answer/95653?hl=en

Let me know how that goes please.


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> Try following these instructions to set the default search engine and to delete ask.com from the list.
> 
> https://support.google.com/chrome/answer/95653?hl=en
> 
> Let me know how that goes please.


That appears to have sorted the problem out.

I can't remember what I was doing before but whatever it was didn't work.


----------



## Cookiegal (Aug 27, 2003)

OK, please run a new quick scan with OTL and post the log so I can see if anything else needs addressing.


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> OK, please run a new quick scan with OTL and post the log so I can see if anything else needs addressing.


This is the result of the Quick Scan run with OTL:

OTL logfile created on: 13/08/2013 12:08:08 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\G Alexander\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19443)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.63 Mb Total Physical Memory | 100.48 Mb Available Physical Memory | 9.90% Memory free
2.24 Gb Paging File | 0.77 Gb Available in Paging File | 34.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.40 Gb Total Space | 22.63 Gb Free Space | 16.01% Space Free | Partition Type: NTFS
Drive D: | 7.65 Gb Total Space | 1.00 Gb Free Space | 13.13% Space Free | Partition Type: NTFS

Computer Name: MYHOME-PC | User Name: G Alexander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/08 17:03:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\G Alexander\Downloads\OTL.exe
PRC - [2013/05/21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/07/10 10:13:48 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\ACFXAU32.exe
PRC - [2007/02/15 11:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/09/28 14:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe

========== Modules (No Company Name) ==========

MOD - [2013/07/25 01:49:46 | 000,396,240 | ---- | M] () -- C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013/07/25 01:49:45 | 013,599,184 | ---- | M] () -- C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
MOD - [2013/07/25 01:49:44 | 004,052,944 | ---- | M] () -- C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013/07/25 01:48:51 | 001,597,392 | ---- | M] () -- C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll
MOD - [2012/08/27 22:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 22:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/30 15:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.4.0.40\wincfi39.dll

========== Services (SafeList) ==========

SRV - [2013/06/12 20:55:08 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/10 10:13:48 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\System32\drivers\ACFXAU32.exe -- (XAudioService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\GALEXA~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/07/30 11:14:47 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20130812.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/07/30 11:14:47 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20130812.023\NAVENG.SYS -- (NAVENG)
DRV - [2013/07/26 12:46:54 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/07/25 15:10:14 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20130810.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/05/23 06:25:28 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\SymEFA.sys -- (SymEFA)
DRV - [2013/05/21 06:02:00 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\SymDS.sys -- (SymDS)
DRV - [2013/05/21 05:41:34 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/16 06:02:14 | 000,603,224 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/04/25 01:43:56 | 000,352,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\symtdiv.sys -- (SYMTDIv)
DRV - [2013/04/22 19:03:05 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/04/16 03:41:14 | 000,134,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\ccSetx86.sys -- (ccSet_N360)
DRV - [2013/03/05 02:39:19 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\Ironx86.sys -- (SymIRON)
DRV - [2013/03/05 02:21:35 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2012/08/09 19:12:46 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/12/07 12:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/07 12:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/07/10 10:13:38 | 000,028,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ACFDCP32.sys -- (dgcfltr)
DRV - [2007/07/10 10:13:32 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ACFXAU32.sys -- (XAudio)
DRV - [2007/06/29 12:39:46 | 000,086,656 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ACFVA32.sys -- (acfva)
DRV - [2007/03/15 11:52:34 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ACFSDK32.sys -- (mdmxsdk)
DRV - [2007/01/15 23:28:20 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2003/10/15 09:07:38 | 000,012,288 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mtdv2ku2.sys -- (MTDVC2)
DRV - [2003/10/11 00:39:52 | 000,011,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mtdv2ks2.sys -- (MTDVC2_ENUM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{3C4FEA24-ECEB-40EC-988E-5804BE29627C}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3C4FEA24-ECEB-40EC-988E-5804BE29627C}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFFPlgn\ [2013/07/26 13:09:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ [2013/08/13 10:54:06 | 000,000,000 | ---D | M]

[2011/03/06 16:09:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\G Alexander\AppData\Roaming\Mozilla\Extensions
[2011/03/06 16:09:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\G Alexander\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\G Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\G Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\G Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Protection = C:\Users\G Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Gmail = C:\Users\G Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,736 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [CnxtCoInstallerDefer] C:\Program Files\CONEXANT\SETUP4A940181248\SETUP\SETUP.EXE (Conexant Systems, Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC5C66C2-0B0F-468F-B4E7-7AE04A5E55C6}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\G Alexander\Pictures\Otemanu Peak, Bora Bora, French Polynesia.jpg
O24 - Desktop BackupWallPaper: C:\Users\G Alexander\Pictures\Otemanu Peak, Bora Bora, French Polynesia.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/11 12:04:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/07 14:05:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/06 10:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/08/06 10:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/26 13:07:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360

========== Files - Modified Within 30 Days ==========

[2013/08/13 12:15:31 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4238356135-1069967474-2706294926-1000UA.job
[2013/08/13 12:09:47 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A332A088-FE5E-4AE9-A578-04045CD33C28}.job
[2013/08/13 11:53:41 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/13 11:53:06 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/13 11:53:06 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/13 11:43:32 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/13 10:51:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/13 10:51:14 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/13 10:51:14 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/13 10:51:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/13 10:51:01 | 1064,689,664 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/12 22:15:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4238356135-1069967474-2706294926-1000Core.job
[2013/08/06 17:19:53 | 000,215,552 | ---- | M] () -- C:\Users\G Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/05 14:03:23 | 196,907,612 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/08/01 11:27:57 | 000,002,078 | ---- | M] () -- C:\Users\G Alexander\Desktop\Google Chrome.lnk
[2013/07/31 09:09:08 | 000,376,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/26 13:07:33 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/07/26 13:07:03 | 002,608,897 | ---- | M] () -- C:\Windows\System32\drivers\N360\1404000.028\Cat.DB
[2013/07/26 13:06:03 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\N360\1404000.028\VT20130115.021
[2013/07/26 12:46:54 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013/07/26 12:46:54 | 000,007,611 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013/07/26 12:46:54 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF

========== Files Created - No Company Name ==========

[2011/05/19 18:25:34 | 000,001,940 | ---- | C] () -- C:\Users\G Alexander\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2008/08/20 13:25:01 | 000,027,404 | ---- | C] () -- C:\Users\G Alexander\AppData\Local\rx_audio.Cache
[2008/08/20 11:47:39 | 000,000,000 | ---- | C] () -- C:\Users\G Alexander\AppData\Local\rx_image.Cache
[2008/02/28 15:24:35 | 000,000,124 | ---- | C] () -- C:\Users\G Alexander\AppData\Roaming\wklnhst.dat
[2007/09/22 09:47:44 | 000,215,552 | ---- | C] () -- C:\Users\G Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/02/03 20:07:27 | 000,000,000 | ---D | M] -- C:\Users\G Alexander\AppData\Roaming\Amazon
[2007/11/26 20:32:17 | 000,000,000 | ---D | M] -- C:\Users\G Alexander\AppData\Roaming\BT
[2009/07/09 12:09:17 | 000,000,000 | ---D | M] -- C:\Users\G Alexander\AppData\Roaming\IBP
[2007/09/22 12:22:52 | 000,000,000 | ---D | M] -- C:\Users\G Alexander\AppData\Roaming\InterTrust
[2012/06/24 14:56:42 | 000,000,000 | ---D | M] -- C:\Users\G Alexander\AppData\Roaming\muvee Technologies
[2011/03/06 16:09:30 | 000,000,000 | ---D | M] -- C:\Users\G Alexander\AppData\Roaming\Philips-Songbird
[2008/02/28 15:24:38 | 000,000,000 | ---D | M] -- C:\Users\G Alexander\AppData\Roaming\Template
[2013/08/07 13:58:46 | 000,000,000 | ---D | M] -- C:\Users\G Alexander\AppData\Roaming\Uniblue
[2008/04/23 19:16:51 | 000,000,000 | ---D | M] -- C:\Users\G Alexander\AppData\Roaming\WinBatch

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:1CD23587

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Press Win + R simultaneously on your keyboard to open a run box then type in *msconfig* and hit Enter to open the System Configuration Utility. Then click on the Startup tab and scroll down the list of items there to the one related to the following entry and uncheck it then click Apply and OK:

O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found

It should be labelled simply "jusched" in that list.

That is the Java updater but the file is missing so it will try to run but unsuccessfully.

Please download the Event Viewer Tool by Vino Rosso *VEW* and save it to your Desktop:


For XP operating systems, double-click *VEW.exe*. For later operating systems, right-click VEW.exe and select "Run As Administrator".

Under "Select log to query", select:

*Application*
*System*

Under "Select type to list", select:

*Error*
*Warning*

Click the radio button for "Number of events"
Type *10* in the 1 to 20 box 
Then click the *Run* button.

Notepad will open with the output log. Please copy and paste the contents here.


----------
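The check made by eye in the post above (an O4 Run entry whose target is reported as "File not found") can be run over a whole OTL report. This is an added example, not part of the original thread; the function and class names are hypothetical, the sample lines are copied from the report posted in this thread, and the startup-label rule is an assumption based on the post's remark that the item is labelled "jusched".

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the OTL report posted in this thread (O4 = Run/RunOnce autoruns).
SAMPLE_REPORT = r"""
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
"""

# "O4 - <hive>..\<key>: [<value name>] <command> (<vendor>)" or "... File not found"
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<rest>.+)$"
)
VENDOR_TAIL = re.compile(r"^(?P<cmd>.+) \((?P<vendor>[^()]*)\)$")
MISSING_MARK = "File not found"


@dataclass
class RunEntry:
    hive: str               # HKLM or HKCU
    key: str                # Run, RunOnce, ...
    name: str               # registry value name, e.g. SunJavaUpdateSched
    path: str               # command the entry launches at logon
    vendor: Optional[str]   # company name OTL read from the file, if any
    missing: bool           # True when OTL could not find the target file


def parse_autoruns(report: str) -> List[RunEntry]:
    """Extract every O4 autorun entry from an OTL report."""
    entries = []
    for raw in report.splitlines():
        m = O4_LINE.match(raw.strip())
        if not m:
            continue  # other report sections (O2, SRV, DRV, ...) are ignored here
        rest = m.group("rest").strip()
        if rest.endswith(MISSING_MARK):
            # Target is gone: the entry still fires at every logon and fails.
            path = rest[: -len(MISSING_MARK)].strip().strip('"')
            vendor, missing = None, True
        else:
            tail = VENDOR_TAIL.match(rest)
            path = (tail.group("cmd") if tail else rest).strip().strip('"')
            vendor = (tail.group("vendor").strip() or None) if tail else None
            missing = False
        entries.append(
            RunEntry(m.group("hive"), m.group("key"), m.group("name"),
                     path, vendor, missing)
        )
    return entries


def orphaned(entries: List[RunEntry]) -> List[RunEntry]:
    """Autoruns whose target file no longer exists (candidates to disable)."""
    return [e for e in entries if e.missing]


def startup_label(entry: RunEntry) -> str:
    """Assumption: the msconfig Startup tab lists the item under the
    executable's base name, as the post says for 'jusched'."""
    return ntpath.splitext(ntpath.basename(entry.path))[0]


if __name__ == "__main__":
    for e in orphaned(parse_autoruns(SAMPLE_REPORT)):
        print(f"{e.hive}\\..\\{e.key} [{e.name}] -> {e.path} "
              f"(look for '{startup_label(e)}' on the Startup tab)")
```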



## James321 (Apr 10, 2013)

Cookiegal said:


> Press Win + R simultaneously on your keyboard to open a run box then type in *msconfig* and hit Enter to open the System Configuration Utility. Then click on the Startup tab and scroll down the list of items there to the one related to the following entry and uncheck it then click Apply and OK:
> 
> O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
> 
> ...


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 14/08/2013 16:09:28

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/08/2013 10:11:47
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 316994

Log: 'Application' Date/Time: 14/08/2013 10:11:47
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 316994

Log: 'Application' Date/Time: 14/08/2013 10:11:47
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 13/08/2013 20:03:35
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 20483

Log: 'Application' Date/Time: 13/08/2013 20:03:35
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 20483

Log: 'Application' Date/Time: 13/08/2013 20:03:35
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 13/08/2013 20:03:34
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 19484

Log: 'Application' Date/Time: 13/08/2013 20:03:34
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 19484

Log: 'Application' Date/Time: 13/08/2013 20:03:34
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 13/08/2013 20:03:33
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 18470

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/08/2013 12:27:01
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x8007041D

Log: 'Application' Date/Time: 13/08/2013 21:42:23
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-4238356135-1069967474-2706294926-1000:
Process 1148 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000
Process 1148 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000
Process 1148 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000
Process 1148 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000
Process 1148 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Microsoft\SystemCertificates\trust
Process 1148 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Microsoft\SystemCertificates\Root
Process 1148 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1148 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Policies\Microsoft\SystemCertificates
Process 1148 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Policies\Microsoft\SystemCertificates
Process 1148 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Policies\Microsoft\SystemCertificates
Process 1148 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Policies\Microsoft\SystemCertificates
Process 1148 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Microsoft\SystemCertificates\My
Process 1148 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Microsoft\SystemCertificates\CA
Process 1148 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1148 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Microsoft\SystemCertificates\TrustedPeople

Log: 'Application' Date/Time: 09/08/2013 21:38:52
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-4238356135-1069967474-2706294926-1000:
Process 1136 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000
Process 1136 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000
Process 1136 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000
Process 1136 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000
Process 1136 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Microsoft\SystemCertificates\trust
Process 1136 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Microsoft\SystemCertificates\Root
Process 1136 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1136 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Policies\Microsoft\SystemCertificates
Process 1136 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Policies\Microsoft\SystemCertificates
Process 1136 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Policies\Microsoft\SystemCertificates
Process 1136 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Policies\Microsoft\SystemCertificates
Process 1136 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Microsoft\SystemCertificates\My
Process 1136 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Microsoft\SystemCertificates\CA
Process 1136 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1136 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Microsoft\SystemCertificates\TrustedPeople

Log: 'Application' Date/Time: 08/08/2013 21:46:40
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes:
Process 5784 (\Device\HarddiskVolume1\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000_CLASSES

Log: 'Application' Date/Time: 08/08/2013 21:46:38
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 3 user registry handles leaked from \Registry\User\S-1-5-21-4238356135-1069967474-2706294926-1000:
Process 5784 (\Device\HarddiskVolume1\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000
Process 5784 (\Device\HarddiskVolume1\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Microsoft\Direct3D
Process 5784 (\Device\HarddiskVolume1\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/08/2013 14:52:00
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.

Log: 'System' Date/Time: 14/08/2013 14:46:48
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 14/08/2013 14:45:34
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 14/08/2013 13:09:31
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Log: 'System' Date/Time: 14/08/2013 13:09:30
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 14/08/2013 13:09:30
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Log: 'System' Date/Time: 14/08/2013 13:09:30
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 14/08/2013 13:09:30
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Log: 'System' Date/Time: 14/08/2013 12:42:19
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

Log: 'System' Date/Time: 14/08/2013 12:27:05
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/08/2013 13:34:44
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB2861855(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 14/08/2013 13:34:44
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB2861855(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 14/08/2013 13:34:44
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB2861855(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 14/08/2013 13:34:44
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB2861855(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 14/08/2013 13:34:29
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2861855(Security Update) is not applicable for this system

Log: 'System' Date/Time: 14/08/2013 13:34:29
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2861855(Security Update) is not applicable for this system

Log: 'System' Date/Time: 14/08/2013 13:21:15
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB974145(Security Update) into Installed(Installed) state

Log: 'System' Date/Time: 14/08/2013 13:21:15
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB974145(Security Update) into Installed(Installed) state

Log: 'System' Date/Time: 14/08/2013 13:21:15
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB978338(Security Update) into Installed(Installed) state

Log: 'System' Date/Time: 14/08/2013 13:21:15
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB978338(Security Update) into Installed(Installed) state


----------



## Cookiegal (Aug 27, 2003)

I don't know why there's an error regarding an MS security update that says it's not applicable for this system (KB2861855).

Please run the MGA Diagnostic Tool and post back the report it creates:
Download *MGADiag* to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> I don't know why there's an error regarding an MS security update that says it's not applicable for this system (KB2861855).
> 
> Please run the MGA Diagnostic Tool and post back the report it creates:
> Download *MGADiag* to your desktop.
> ...


I have noticed I have been having a few problems with Windows Vista in general. Not long after installing Vista the Windows Mail stopped working. Completely reinstalling Vista seemed to work for a while then it stopped working again so I gave up. The screensaver has also stopped working and all you get is a blank screen. I have also noticed the browser is a bit slow in Google Chrome. After typing something into the URL address bar a delay of up to 10 seconds can occur before any of your typing actually appears on screen.

Here is the log:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-27HYQ-XTKW2-WQD8Q
Windows Product Key Hash: U8YEZzymoD4DMyaMb32rPrNIS90=
Windows Product ID: 89578-OEM-7332157-00061
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {69434F2E-7B76-4D8E-A7C0-ED9A373B09A8}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.130707-1535
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6001.18000

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{69434F2E-7B76-4D8E-A7C0-ED9A373B09A8}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-WQD8Q</PKey><PID>89578-OEM-7332157-00061</PID><PIDType>2</PIDType><SID>S-1-5-21-4238356135-1069967474-2706294926</SID><SYSTEM><Manufacturer>Compaq-Presario</Manufacturer><Model>GM274AA-ABU SR5109UK</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>v5.05</Version><SMBIOSVersion major="2" minor="5"/><Date>20070529000000.000000+000</Date></BIOS><HWID>D0303507018400EA</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>7ADFB8C80C90F12</Val><Hash>dTxH7ESYup5Rbm0xWrZrxAXLeMI=</Hash><Pid>81602-905-3470601-68383</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500061-02-2057-6000.0000-2642007
Installation ID: 119716012052177402419381775753516572048024812250301384
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: WQD8Q
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: NAAAAAEABAABAAEAAQABAAAAAgABAAEAnJ/K614c3vVAiap2SOTIZhjx8vQMjG58rFYqhQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information: 
ACPI Table Name	OEMID Value	OEMTableID Value
APIC HPQOEM SLIC-CPC
FACP HPQOEM SLIC-CPC
DBGP HPQOEM SLIC-CPC
HPET HPQOEM SLIC-CPC
MCFG HPQOEM SLIC-CPC
SLIC HPQOEM SLIC-CPC
OEMB HPQOEM SLIC-CPC


----------



## Cookiegal (Aug 27, 2003)

I don't see anything in that report of any significance.

You said you installed Vista. I assume then that it shipped with XP?


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> I don't see anything in that report of any significance.
> 
> You said you installed Vista. I assume then that it shipped with XP?


No. The Vista was apparently contained within a chip inside the computer but it still had to be installed onto the hard drive.


----------



## Cookiegal (Aug 27, 2003)

It looks like Norton360 is causing the registry to not be released in a timely manner on shutdown. To rectify that you should install the User Profile Hive Clean Up Services from the following link:

http://www.microsoft.com/en-ca/download/details.aspx?id=6676

Once you've installed that let me know how things are please.


----------
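The triage behind the Norton diagnosis above, as an added example that is not part of the original thread: a Python script that parses Event 1530 entries in the text layout of the event log dump posted earlier and tallies leaked registry handles per process image. The sample log is constructed, its SID is a placeholder, and the function names are hypothetical.

```python
import re
from collections import Counter

SID = "S-1-5-21-1111111111-2222222222-3333333333-1000"  # placeholder, not from the thread

# Constructed sample in the layout of the dump posted in this thread. The first
# line imitates a paste that starts mid-record; the last 1530 entry lists fewer
# handles than it declares, as a truncated paste would.
SAMPLE = r"""Process 1148 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\<SID>\Software\Microsoft\SystemCertificates\My

Log: 'Application' Date/Time: 09/08/2013 21:38:52
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. DETAIL - 4 user registry handles leaked from \Registry\User\<SID>:
Process 1136 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\<SID>
Process 1136 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\<SID>
Process 1136 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\<SID>\Software\Microsoft\SystemCertificates\Root
Process 1136 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\<SID>\Software\Policies\Microsoft\SystemCertificates

Log: 'Application' Date/Time: 08/08/2013 21:46:40
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. DETAIL - 1 user registry handles leaked from \Registry\User\<SID>_Classes:
Process 5784 (\Device\HarddiskVolume1\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\<SID>_CLASSES

Log: 'Application' Date/Time: 08/08/2013 21:46:38
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. DETAIL - 3 user registry handles leaked from \Registry\User\<SID>:
Process 5784 (\Device\HarddiskVolume1\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\<SID>
Process 5784 (\Device\HarddiskVolume1\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\<SID>\Software\Microsoft\Windows\CurrentVersion\Internet Settings

Log: 'System' Date/Time: 14/08/2013 13:09:30
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
""".replace("<SID>", SID)

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>\S+ \S+)$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
DETAIL = re.compile(r"DETAIL - (?P<n>\d+) user registry handles leaked from "
                    r"(?P<hive>\\Registry\\User\\\S+):\s*$", re.I)
HANDLE = re.compile(r"^Process (?P<pid>\d+) \((?P<image>.+?)\) has opened key "
                    r"(?P<key>\\REGISTRY\\USER\\.+)$", re.I)


def parse_events(text):
    """Return (events, orphans); orphans counts handle lines seen before any header."""
    events, cur, orphans = [], None, 0
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            cur = {"log": m["log"], "when": m["when"], "id": None,
                   "declared": None, "hive": None, "handles": []}
            events.append(cur)
            continue
        h = HANDLE.match(line)
        if cur is None:
            orphans += 1 if h else 0   # tail of a record whose header was cut off
            continue
        if h:
            cur["handles"].append((int(h["pid"]), h["image"], h["key"]))
        elif (m := EVENT.match(line)):
            cur["id"] = int(m["id"])
        elif (m := DETAIL.search(line)):
            cur["declared"], cur["hive"] = int(m["n"]), m["hive"]
    return events, orphans


def summarize_leaks(events):
    """Tally Event 1530 handle leaks per executable name (lower-cased)."""
    summary = {}
    for ev in events:
        if ev["id"] != 1530:
            continue
        counted = set()
        for pid, image, key in ev["handles"]:
            name = image.rsplit("\\", 1)[-1].lower()
            s = summary.setdefault(name, {"handles": 0, "events": 0, "pids": set(),
                                          "paths": set(), "subkeys": Counter()})
            s["handles"] += 1
            s["pids"].add(pid)
            s["paths"].add(image)      # full path: confirm the image is where it should be
            hive = ev["hive"] or ""
            rel = key[len(hive):] if hive and key.lower().startswith(hive.lower()) else key
            s["subkeys"][rel or "(hive root)"] += 1
            if name not in counted:
                s["events"] += 1
                counted.add(name)
    return summary


def truncated_events(events):
    """Event 1530 records whose listed handles do not match the declared count."""
    return [ev for ev in events if ev["id"] == 1530
            and ev["declared"] is not None and ev["declared"] != len(ev["handles"])]


if __name__ == "__main__":
    evs, orphan_lines = parse_events(SAMPLE)
    for name, s in sorted(summarize_leaks(evs).items(), key=lambda kv: -kv[1]["handles"]):
        print(f"{name}: {s['handles']} handles in {s['events']} event(s), PIDs {sorted(s['pids'])}")
        for sub, n in s["subkeys"].most_common(3):
            print(f"    {n} x {sub}")
    print("orphan handle lines:", orphan_lines)
    print("truncated records:", [ev["when"] for ev in truncated_events(evs)])
```

Comparing the declared count with the listed handle lines shows whether a pasted log was cut short before anyone draws conclusions from the per-process totals.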



## James321 (Apr 10, 2013)

Cookiegal said:


> It looks like Norton360 is causing the registry to not be released in a timely manner on shutdown. To rectify that you should install the User Profile Hive Clean Up Services from the following link:
> 
> http://www.microsoft.com/en-ca/download/details.aspx?id=6676
> 
> Once you've installed that let me know how things are please.


The User Profile Hive Clean Up Services software wouldn't install properly after two attempts.


----------



## Cookiegal (Aug 27, 2003)

What happens when you try to install it? Are you getting error messages?


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> What happens when you try to install it? Are you getting error messages?


A message reports that a certain feature of the software failed to complete installation.


----------



## Cookiegal (Aug 27, 2003)

Sorry, apparently it doesn't run on Vista.

So it may well be Norton that's causing the problems. Do you have the media and license key needed to be able to reinstall it if you were to uninstall it as a test to see if indeed that's what's causing the problem?


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> Sorry, apparently it doesn't run on Vista.
> 
> So it may well be Norton that's causing the problems. Do you have the media and license key needed to be able to reinstall it if you were to uninstall it as a test to see if indeed that's what's causing the problem?


I couldn't locate the installation disc. I tend to re-subscribe to Norton 360 each year over the net and download the latest versions of the software from the same site.

Another alternative is to temporarily turn off Norton and see what happens.

Another thing I have noticed on my PC is that the Network and Sharing Center information box which governs the internet connection often shows the File Sharing status as 'On' even when I keep turning it back to 'Off' each time. Why should it keep turning back to On by itself? Is this a possible sign of suspicious activity?


----------



## Cookiegal (Aug 27, 2003)

It won't help to disable Norton as there will always be registry entries and components that may take hold of them as soon as the computer boots.

I don't think the network issue is a sign of malware but let's try another scan.

Please download FRST (Farbar Recovery Scan Tool) and save it to your desktop.

*Note*: You need to run the version that's compatible with your system (32-bit or 64-bit).


Double-click FRST to run it. When the tool opens click *Yes* to the disclaimer.
Press the *Scan* button.
It will make a log named (*FRST.txt*) in the same directory the tool is run (which should be on the desktop). Please copy and paste the contents of the log in your reply.
The first time the tool is run it makes a second log named (*Addition.txt*). Please copy and paste the contents of that log as well.


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> It won't help to disable Norton as there will always be registry entries and components that may take hold of them as soon as the computer boots.
> 
> I don't think the network issue is a sign of malware but let's try another scan.
> 
> ...


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-08-2013
Ran by G Alexander (administrator) on 19-08-2013 11:56:49
Running from C:\Users\G Alexander\Downloads
Microsoft® Windows Vista Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\ACFXAU32.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Google Inc.) C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [OsdMaestro] - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [CnxtCoInstallerDefer] - C:\Program Files\CONEXANT\SETUP4A940181248\SETUP\SETUP.EXE [999424 2008-03-18] (Conexant Systems, Inc.)
HKLM\...\Run: [btbb_McciTrayApp] - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [1584640 2009-12-07] (Alcatel-Lucent)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44168 2007-03-07] (soft thinks)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-17] (Google Inc.)
HKCU\...\Run: [Google Update] - C:\Users\G Alexander\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2009-04-25] (Google Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-08-05] (Hewlett-Packard)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-08-05] (Hewlett-Packard)

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKLM - {3C4FEA24-ECEB-40EC-988E-5804BE29627C} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB
SearchScopes: HKCU - {3C4FEA24-ECEB-40EC-988E-5804BE29627C} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\G Alexander\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Norton Identity Safe) - C:\Users\G Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\npcoplgn.dll (Symantec Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Motive Plugin) - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
CHR Plugin: (DivX\u00AE Content Upload Plugin) - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\GALEXA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\GALEXA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Norton Identity Protection) - C:\Users\GALEXA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0
CHR Extension: (Gmail) - C:\Users\GALEXA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx

========================== Services (Whitelisted) =================

R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
R2 XAudioService; C:\Windows\system32\DRIVERS\ACFXAU32.exe [386560 2007-07-10] (Conexant Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 acfva; C:\Windows\System32\DRIVERS\ACFVA32.sys [86656 2007-06-29] (Conexant Systems Inc.)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-21] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
S3 dgcfltr; C:\Windows\System32\DRIVERS\ACFDCP32.sys [28800 2007-07-10] (Conexant Systems, Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-04-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-09] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20130813.001\IDSvix86.sys [386720 2013-07-25] (Symantec Corporation)
R2 mdmxsdk; C:\Windows\System32\DRIVERS\ACFSDK32.sys [12672 2007-03-15] (Conexant)
S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2009-12-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2009-12-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MTDVC2; C:\Windows\System32\DRIVERS\mtdv2ku2.sys [12288 2003-10-15] (Matsushita Electric Industrial Co., Ltd.)
S3 MTDVC2_ENUM; C:\Windows\System32\DRIVERS\mtdv2ks2.sys [11648 2003-10-11] (Matsushita Electric Industrial Co., Ltd.)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20130818.019\NAVENG.SYS [93272 2013-08-14] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20130818.019\NAVEX15.SYS [1611992 2013-08-14] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-07-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
R2 XAudio; C:\Windows\System32\DRIVERS\ACFXAU32.sys [8704 2007-07-10] (Conexant Systems, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 cpuz134; \??\C:\Users\GALEXA~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-19 11:53 - 2013-08-19 11:53 - 01069895 _____ (Farbar) C:\Users\G Alexander\Downloads\FRST.exe
2013-08-17 14:48 - 2013-08-17 14:50 - 00024810 _____ C:\Users\G Alexander\Downloads\readme.txt
2013-08-17 14:48 - 2013-08-17 14:48 - 00430080 _____ C:\Users\G Alexander\Downloads\UPHClean-Setup.msi
2013-08-15 15:51 - 2013-08-15 15:51 - 00000000 ____D C:\MGADiagToolOutput
2013-08-15 15:48 - 2013-08-15 15:48 - 02031992 _____ (Microsoft Corporation) C:\Users\G Alexander\Downloads\MGADiag.exe
2013-08-14 16:09 - 2013-08-14 16:09 - 00015537 _____ C:\VEW.txt
2013-08-14 15:40 - 2013-08-14 15:41 - 00061440 _____ ( ) C:\Users\G Alexander\Downloads\VEW.exe
2013-08-14 12:29 - 2013-07-05 05:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 12:29 - 2013-06-15 14:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-14 12:29 - 2013-06-15 12:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 12:26 - 2013-07-24 01:32 - 11111936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 12:25 - 2013-07-24 01:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 12:25 - 2013-07-24 01:33 - 00916480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 12:25 - 2013-07-24 01:33 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-08-14 12:25 - 2013-07-24 01:33 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-14 12:25 - 2013-07-24 01:33 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-14 12:25 - 2013-07-24 01:32 - 06016512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 12:25 - 2013-07-24 01:32 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 12:25 - 2013-07-24 01:32 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-14 12:25 - 2013-07-24 01:32 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 12:25 - 2013-07-24 01:32 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-14 12:25 - 2013-07-24 01:32 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-14 12:25 - 2013-07-24 01:32 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 12:25 - 2013-07-24 01:32 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 12:25 - 2013-07-24 01:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 12:25 - 2013-07-24 01:32 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 12:25 - 2013-07-24 01:32 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 12:25 - 2013-07-24 01:32 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-14 12:25 - 2013-07-24 01:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-14 12:25 - 2013-07-24 01:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 12:25 - 2013-07-24 00:56 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-14 12:25 - 2013-07-24 00:49 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 12:25 - 2013-07-24 00:49 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 12:25 - 2013-07-24 00:49 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-14 12:25 - 2013-07-24 00:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-14 12:25 - 2013-07-17 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 12:25 - 2013-07-10 10:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 12:25 - 2013-07-09 13:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 12:25 - 2013-07-08 05:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 12:25 - 2013-07-08 05:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 12:24 - 2013-07-08 05:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 12:24 - 2013-07-08 05:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 12:24 - 2013-07-08 05:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 12:24 - 2013-07-08 05:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-11 12:04 - 2013-08-11 12:04 - 00000000 ____D C:\_OTL
2013-08-10 11:56 - 2013-08-10 12:09 - 00007592 _____ C:\Users\G Alexander\Downloads\SystemLook.txt
2013-08-09 16:10 - 2013-08-09 16:10 - 00075264 _____ C:\Users\G Alexander\Downloads\SystemLook.exe
2013-08-08 17:22 - 2013-08-13 12:30 - 00058364 _____ C:\Users\G Alexander\Downloads\OTL.Txt
2013-08-08 17:22 - 2013-08-08 17:22 - 00037350 _____ C:\Users\G Alexander\Downloads\Extras.Txt
2013-08-08 17:02 - 2013-08-08 17:03 - 00602112 _____ (OldTimer Tools) C:\Users\G Alexander\Downloads\OTL.exe
2013-08-07 14:05 - 2013-08-07 14:05 - 00000000 ____D C:\Windows\ERUNT
2013-08-07 13:53 - 2013-08-07 13:55 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\G Alexander\Downloads\JRT.exe
2013-08-06 10:17 - 2013-08-06 10:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-06 10:12 - 2013-08-06 10:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-05 14:03 - 2013-08-05 14:03 - 00144872 _____ C:\Windows\Minidump\Mini080513-02.dmp
2013-08-05 13:41 - 2013-08-05 13:41 - 00144872 _____ C:\Windows\Minidump\Mini080513-01.dmp
2013-08-04 20:06 - 2013-08-04 20:07 - 00006664 _____ C:\AdwCleaner[S1].txt
2013-08-02 11:09 - 2013-08-02 11:09 - 00006803 _____ C:\AdwCleaner[R1].txt
2013-08-02 11:06 - 2013-08-02 11:08 - 00666633 _____ C:\Users\G Alexander\Downloads\AdwCleaner.exe
2013-07-30 17:12 - 2013-06-23 22:40 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-30 17:12 - 2013-06-23 22:40 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-30 17:12 - 2013-06-23 22:40 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe

==================== One Month Modified Files and Folders =======

2013-08-19 11:56 - 2013-08-19 11:56 - 00000000 ____D C:\FRST
2013-08-19 11:53 - 2013-08-19 11:53 - 01069895 _____ (Farbar) C:\Users\G Alexander\Downloads\FRST.exe
2013-08-19 11:53 - 2013-02-25 12:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-19 11:43 - 2010-02-14 17:51 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-19 11:29 - 2009-05-01 12:07 - 00000434 ____H C:\Windows\Tasks\User_Feed_Synchronization-{A332A088-FE5E-4AE9-A578-04045CD33C28}.job
2013-08-19 11:15 - 2009-07-05 17:59 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4238356135-1069967474-2706294926-1000UA.job
2013-08-19 11:03 - 2007-09-21 21:14 - 01200956 _____ C:\Windows\WindowsUpdate.log
2013-08-19 10:40 - 2010-02-14 17:51 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-19 10:40 - 2007-06-06 21:07 - 00000000 ____D C:\Windows\SMINST
2013-08-19 10:40 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-19 10:40 - 2006-11-02 13:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-19 10:40 - 2006-11-02 13:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-18 22:41 - 2006-11-02 14:01 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-18 22:15 - 2009-07-05 17:59 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4238356135-1069967474-2706294926-1000Core.job
2013-08-17 14:50 - 2013-08-17 14:48 - 00024810 _____ C:\Users\G Alexander\Downloads\readme.txt
2013-08-17 14:48 - 2013-08-17 14:48 - 00430080 _____ C:\Users\G Alexander\Downloads\UPHClean-Setup.msi
2013-08-15 15:51 - 2013-08-15 15:51 - 00000000 ____D C:\MGADiagToolOutput
2013-08-15 15:48 - 2013-08-15 15:48 - 02031992 _____ (Microsoft Corporation) C:\Users\G Alexander\Downloads\MGADiag.exe
2013-08-14 21:27 - 2006-11-02 11:33 - 00703388 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-14 19:21 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-14 16:21 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-08-14 16:09 - 2013-08-14 16:09 - 00015537 _____ C:\VEW.txt
2013-08-14 15:41 - 2013-08-14 15:40 - 00061440 _____ ( ) C:\Users\G Alexander\Downloads\VEW.exe
2013-08-14 14:34 - 2013-07-11 16:45 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 14:22 - 2006-11-02 11:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-14 14:08 - 2007-06-06 20:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-13 12:30 - 2013-08-08 17:22 - 00058364 _____ C:\Users\G Alexander\Downloads\OTL.Txt
2013-08-12 11:18 - 2007-06-06 21:09 - 00338694 _____ C:\Windows\PFRO.log
2013-08-11 12:04 - 2013-08-11 12:04 - 00000000 ____D C:\_OTL
2013-08-10 12:09 - 2013-08-10 11:56 - 00007592 _____ C:\Users\G Alexander\Downloads\SystemLook.txt
2013-08-09 16:10 - 2013-08-09 16:10 - 00075264 _____ C:\Users\G Alexander\Downloads\SystemLook.exe
2013-08-08 17:22 - 2013-08-08 17:22 - 00037350 _____ C:\Users\G Alexander\Downloads\Extras.Txt
2013-08-08 17:03 - 2013-08-08 17:02 - 00602112 _____ (OldTimer Tools) C:\Users\G Alexander\Downloads\OTL.exe
2013-08-07 16:41 - 2007-06-06 20:34 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-08-07 14:05 - 2013-08-07 14:05 - 00000000 ____D C:\Windows\ERUNT
2013-08-07 13:58 - 2010-01-12 20:28 - 00000000 ____D C:\Users\G Alexander\AppData\Roaming\Uniblue
2013-08-07 13:55 - 2013-08-07 13:53 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\G Alexander\Downloads\JRT.exe
2013-08-06 17:19 - 2007-09-22 09:47 - 00215552 _____ C:\Users\GALEXA~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-06 10:40 - 2013-08-06 10:17 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-06 10:12 - 2013-08-06 10:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-05 14:12 - 2010-05-25 18:53 - 00000000 ____D C:\Users\GALEXA~1\AppData\Local\CrashDumps
2013-08-05 14:03 - 2013-08-05 14:03 - 00144872 _____ C:\Windows\Minidump\Mini080513-02.dmp
2013-08-05 14:03 - 2009-06-11 18:47 - 196907612 _____ C:\Windows\MEMORY.DMP
2013-08-05 14:03 - 2009-06-11 18:47 - 00000000 ____D C:\Windows\Minidump
2013-08-05 13:41 - 2013-08-05 13:41 - 00144872 _____ C:\Windows\Minidump\Mini080513-01.dmp
2013-08-04 20:07 - 2013-08-04 20:06 - 00006664 _____ C:\AdwCleaner[S1].txt
2013-08-02 11:09 - 2013-08-02 11:09 - 00006803 _____ C:\AdwCleaner[R1].txt
2013-08-02 11:08 - 2013-08-02 11:06 - 00666633 _____ C:\Users\G Alexander\Downloads\AdwCleaner.exe
2013-08-02 11:01 - 2007-09-21 21:45 - 00000000 ____D C:\Users\GALEXA~1\AppData\Local\Google
2013-08-01 11:27 - 2009-04-25 11:25 - 00002078 _____ C:\Users\G Alexander\Desktop\Google Chrome.lnk
2013-07-31 09:09 - 2006-11-02 13:47 - 00376640 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-30 21:50 - 2007-09-21 21:29 - 00102640 _____ C:\Users\GALEXA~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-30 17:17 - 2007-10-21 20:20 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-26 13:09 - 2010-04-29 19:10 - 00000000 ____D C:\ProgramData\Norton
2013-07-26 13:07 - 2010-05-07 11:23 - 00002021 _____ C:\Users\Public\Desktop\Norton 360.lnk
2013-07-26 13:07 - 2010-05-07 11:22 - 00000000 ____D C:\Windows\system32\Drivers\N360
2013-07-26 12:46 - 2010-05-07 11:23 - 00142496 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2013-07-26 12:46 - 2010-05-07 11:23 - 00007611 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2013-07-24 01:33 - 2013-08-14 12:25 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-24 01:33 - 2013-08-14 12:25 - 00916480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-24 01:33 - 2013-08-14 12:25 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-07-24 01:33 - 2013-08-14 12:25 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-24 01:33 - 2013-08-14 12:25 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-24 01:32 - 2013-08-14 12:26 - 11111936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-24 01:32 - 2013-08-14 12:25 - 06016512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-24 01:32 - 2013-08-14 12:25 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-24 01:32 - 2013-08-14 12:25 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-24 01:32 - 2013-08-14 12:25 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-24 01:32 - 2013-08-14 12:25 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-24 01:32 - 2013-08-14 12:25 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-24 01:32 - 2013-08-14 12:25 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-24 01:32 - 2013-08-14 12:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-24 01:32 - 2013-08-14 12:25 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-24 01:32 - 2013-08-14 12:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-24 01:32 - 2013-08-14 12:25 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-24 01:32 - 2013-08-14 12:25 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-24 01:32 - 2013-08-14 12:25 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-24 01:32 - 2013-08-14 12:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-24 00:56 - 2013-08-14 12:25 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-24 00:49 - 2013-08-14 12:25 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-24 00:49 - 2013-08-14 12:25 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-24 00:49 - 2013-08-14 12:25 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-24 00:49 - 2013-08-14 12:25 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-19 10:46

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-08-2013
Ran by G Alexander at 2013-08-19 11:58:57
Running from C:\Users\G Alexander\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)
AAC Decoder (Version: 7.1.0)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Acrobat 5.0 (Version: 5.0)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader 9.5.5 (Version: 9.5.5)
Amazon MP3 Downloader 1.0.9
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
AutoUpdate (Version: 1.1)
Bonjour (Version: 3.0.0.10)
BT Broadband Desktop Help
BT Broadband Talk Softphone 2.0
BT Wireless Connection Manager
BTTotalBroadband220V
DivX Codec (Version: 6.9.1)
DivX Content Uploader (Version: 1.0.0)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Plus Web Player (Version: 2.0.0)
DivX Version Checker (Version: 7.1.0.9)
ESP Test 3.0
GearDrvs (Version: 1)
GearDrvs (Version: 1.00.0000)
Google Chrome (HKCU Version: 28.0.1500.95)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.153)
H.264 Decoder (Version: 1.1.0)
Hardware Diagnostic Tools (Version: 5.00.4424.15)
HP Advisor (Version: 3.1.9152.3107)
HP Customer Experience Enhancements (Version: 5.1.0.2264)
HP Customer Feedback (Version: 1.0.0)
HP Easy Setup - Frontend (Version: 5.1.0.2269)
HP On-Screen Cap/Num/Scroll Lock Indicator
HP OrderReminder (Version: 2.1)
HP Photosmart Essential 2.0 (Version: 2.0)
HP Photosmart Essential2.5 (Version: 1.00.0000)
HP Update (Version: 5.005.000.002)
HPSSupply (Version: 100.0.172.000)
iCloud (Version: 2.1.2.8)
Intel(R) Graphics Media Accelerator Driver
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
LaserJet 1018
LightScribe 1.4.142.1 (Version: 1.4.142.1)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.05.0818)
MKV Splitter (Version: 1.0.1)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 6.0 (Version: 6.00.050)
Norton 360 (Version: 20.4.0.40)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org Installer 1.0 (Version: 1.0.9221)
Philips Songbird (Version: 3.2.1667 (1667))
PSSWCORE (Version: 2.00.5000)
Python 2.4.3 (Version: 2.4.3150)
QuickTime (Version: 7.74.80.86)
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.5789)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.4.0)
Roxio Creator Basic v9 (Version: 3.4.0)
Roxio Creator Copy (Version: 3.4.0)
Roxio Creator Data (Version: 3.4.0)
Roxio Creator EasyArchive (Version: 3.4.0)
Roxio Creator Tools (Version: 3.4.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio MyDVD Basic v9 (Version: 9.0.559)
Shop for HP Supplies (Version: 10.0)
Skype 2.5 (Version: 2.5)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Symantec Technical Support Web Controls (Version: 3.4.0)
Ulead Photo Explorer 8.0 SE Basic (Version: 8.0)
Ulead Photo Express 5 SE (Version: 5.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB Modem (Version: 2.0.15.50)
V5385 Digital Camera Driver
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WYSIWYG Web Builder 5.5 
Xvid 1.1.3 final uninstall (Version: 1.1)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

==================== Restore Points =========================

26-07-2013 18:47:45 Scheduled Checkpoint
30-07-2013 16:08:41 Removed Java(TM) 6 Update 3
30-07-2013 16:13:45 Removed Java(TM) 6 Update 5
30-07-2013 16:16:13 Removed Java(TM) 6 Update 7
30-07-2013 17:47:14 Norton 360 Registry Clean
04-08-2013 17:51:45 Windows Update
07-08-2013 12:58:23 Uniblue SpeedUpMyPC installation
07-08-2013 15:38:35 Removed NetWaiting
07-08-2013 15:41:12 Removed NetWaiting
08-08-2013 10:46:20 Scheduled Checkpoint
14-08-2013 12:18:14 Windows Update
17-08-2013 13:51:27 Installed User Profile Hive Cleanup Service
17-08-2013 15:09:20 Installed User Profile Hive Cleanup Service

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000736 ____N C:\Windows\system32\Drivers\etc\hosts
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {17409CE8-43BB-4CCB-A113-31E4DB21BA8B} - \IHUninstallTrackingTASK No Task File
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {371080F3-4196-4DC6-ACCC-F342D4434ED2} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {4A93ACA7-60B2-4285-B849-850F22C34536} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: {4C41E89B-ECED-4637-89AD-5E6F59584DB4} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {5DFC8314-1B39-4D2E-870E-821CAA1A55CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-14] (Google Inc.)
Task: {663B1AED-7127-48DF-9D34-ADEF1455F2CE} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {77F05E5E-E3AF-4A9C-BDD0-478F1BCC00CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {780835AE-E495-49AB-8CD7-07C5F18126AF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4238356135-1069967474-2706294926-1000UA => C:\Users\G Alexander\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-25] (Google Inc.)
Task: {88CBEA36-30CB-4C0E-BCA4-0D16277508C8} - System32\Tasks\User_Feed_Synchronization-{A332A088-FE5E-4AE9-A578-04045CD33C28} => C:\Windows\system32\msfeedssync.exe [2013-07-24] (Microsoft Corporation)
Task: {91D5551B-C666-4F30-AABC-99F3057DEE66} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)
Task: {AD4BCA1F-95B5-4EA9-A1B0-6AC6ABB7A069} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4238356135-1069967474-2706294926-1000Core => C:\Users\G Alexander\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-25] (Google Inc.)
Task: {B6A45733-D1FB-41B3-BE0F-F441A94938EF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4238356135-1069967474-2706294926-1000 => C:\Users\G Alexander\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-25] (Google Inc.)
Task: {C428484C-FEF9-48D1-A94D-4CA403E10750} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-14] (Google Inc.)
Task: {CE2B4CD9-FD36-46BB-BA52-469F8FBBC6D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4238356135-1069967474-2706294926-1000Core.job => C:\Users\G Alexander\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4238356135-1069967474-2706294926-1000UA.job => C:\Users\G Alexander\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{A332A088-FE5E-4AE9-A578-04045CD33C28}.job => C:\Windows\system32\msfeedssync.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2013 06:54:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4996946

Error: (08/18/2013 06:54:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4996946

Error: (08/18/2013 06:54:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/18/2013 06:54:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4995947

Error: (08/18/2013 06:54:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4995947

Error: (08/18/2013 06:54:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/18/2013 06:54:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4994949

Error: (08/18/2013 06:54:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4994949

Error: (08/18/2013 06:54:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/18/2013 06:54:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4993950

System errors:
=============
Error: (08/19/2013 10:50:52 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 001C25037430 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/18/2013 10:41:07 PM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (08/18/2013 06:56:52 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 001C25037430 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/18/2013 04:49:01 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 001C25037430 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/18/2013 03:29:40 PM) (Source: Service Control Manager) (User: )
Description: 30000Netman

Error: (08/18/2013 02:33:03 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 001C25037430 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/18/2013 11:34:24 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 001C25037430 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/17/2013 10:42:59 PM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (08/17/2013 07:21:55 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 001C25037430 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/17/2013 04:54:03 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 001C25037430 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-08-19 11:58:46.616
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2013-08-19 11:58:45.394
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2013-08-19 11:58:44.133
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2013-08-19 11:58:42.836
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2013-08-19 11:58:18.123
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2013-08-19 11:58:17.233
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2013-08-19 11:58:16.109
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2013-08-19 11:58:15.131
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2013-08-19 11:58:00.276
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-19 11:57:58.974
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 85%
Total physical RAM: 1014.63 MB
Available physical RAM: 145.21 MB
Total Pagefile: 2293.6 MB
Available Pagefile: 952.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.45 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:141.4 GB) (Free:22.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:7.65 GB) (Free:1 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=141 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## Cookiegal (Aug 27, 2003)

You have a scheduled task called "IH Uninstall Tracking Task"

Task: {17409CE8-43BB-4CCB-A113-31E4DB21BA8B} - \IHUninstallTrackingTASK No Task File

Do you know what this relates to?

There are also errors relating to Norton 360. I found a page at Symantec claiming it's no fault of theirs so I don't know what is causing it:

http://www.symantec.com/business/support/index?page=content&id=TECH194165


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> You have a scheduled task called "IH Uninstall Tracking Task"
> 
> Task: {17409CE8-43BB-4CCB-A113-31E4DB21BA8B} - \IHUninstallTrackingTASK No Task File
> 
> ...


I can't think what IH Uninstall refers to.

Can't comment on the Norton error.


----------



## Cookiegal (Aug 27, 2003)

Please download *SystemLook* and save it to your Desktop.

Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
*ihu*
*ieh*
*prot*
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> Please download *SystemLook* and save it to your Desktop.
> 
> Double-click *SystemLook.exe* to run it.
> Copy the content of the following code box into the main text field:
> ...


SystemLook 04.09.10 by jpshortstuff
Log created at 12:22 on 21/08/2013 by G Alexander
Administrator - Elevation successful

C:\WINDOWS\winsxs\Backup\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.0.6001.18000_none_4849149a305ec4a4_psbase.dll_b29bce30	--a---- 40448 bytes	[19:13 26/03/2008]	[18:43 26/03/2008] 08F9134A2215B7ED985409A4DF60AC60
C:\WINDOWS\winsxs\Backup\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.0.6001.18000_none_4849149a305ec4a4_pstorec.dll_b3635d22	--a---- 42496 bytes	[19:13 26/03/2008]	[18:43 26/03/2008] DAA1B96073C79C84F8D28FBF55580415
C:\WINDOWS\winsxs\Backup\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.0.6001.18000_none_4849149a305ec4a4_pstorsvc.dll_edc49796	--a---- 23040 bytes	[19:13 26/03/2008]	[18:43 26/03/2008] 6D01259214D1E815613ECA3CD81679EC
C:\WINDOWS\winsxs\Backup\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95_protocol_e16769d2	--a---- 1358 bytes	[10:43 02/11/2006]	[10:41 02/11/2006] 7700D22FA108234E623D65FA72D9E29C
C:\WINDOWS\winsxs\Manifests\msil_system.directoryser..protocols.resources_b03f5f7f11d50a3a_6.0.6000.16386_en-us_075c4db0950f42b7.manifest	--a---- 609 bytes	[12:39 02/11/2006]	[12:39 02/11/2006] B48D8E784CDE17A946E1ACF51F279645
C:\WINDOWS\winsxs\Manifests\msil_system.directoryser..protocols.resources_b03f5f7f11d50a3a_6.0.6000.16720_en-us_0756d4149514122b.manifest	------- 609 bytes	[19:27 15/02/2009]	[23:29 27/07/2008] D3863CA38EBF4BB873F3879703ACAC6D
C:\WINDOWS\winsxs\Manifests\msil_system.directoryser..protocols.resources_b03f5f7f11d50a3a_6.0.6000.20883_en-us_f08eeab8aeb6571e.manifest	------- 609 bytes	[19:27 15/02/2009]	[23:30 27/07/2008] 09EBD4725BD88F69FC6531989370157F
C:\WINDOWS\winsxs\Manifests\msil_system.directoryser..protocols.resources_b03f5f7f11d50a3a_6.0.6001.18111_en-us_0731b8ca95661ecc.manifest	------- 609 bytes	[19:27 15/02/2009]	[23:41 27/07/2008] 21BA5801436D2C702B4171F3AE949EAC
C:\WINDOWS\winsxs\Manifests\msil_system.directoryser..protocols.resources_b03f5f7f11d50a3a_6.0.6001.22230_en-us_f0662966af0b97df.manifest	------- 609 bytes	[19:27 15/02/2009]	[23:26 27/07/2008] DF284545603019BC8AF79A794B134621
C:\WINDOWS\winsxs\Manifests\msil_system.directoryser..protocols.resources_b03f5f7f11d50a3a_6.0.6002.18706_en-us_070c3ce495b89b6f.manifest	------- 609 bytes	[19:13 09/01/2013]	[16:09 05/10/2012] 3EE1312D0B00C7586F75EEDE59F6962C
C:\WINDOWS\winsxs\Manifests\msil_system.directoryser..protocols.resources_b03f5f7f11d50a3a_6.0.6002.22944_en-us_f042c4b8af5c2de0.manifest	------- 609 bytes	[19:13 09/01/2013]	[14:54 05/10/2012] 08C3DCC98AC97652DF5E1D10C5F075AA
C:\WINDOWS\winsxs\Manifests\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6000.16386_none_af45ceab5406d544.manifest	--a---- 4159 bytes	[10:21 02/11/2006]	[10:18 02/11/2006] 879585026C502645DAE4955C412D25EE
C:\WINDOWS\winsxs\Manifests\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6000.16720_none_af40550f540ba4b8.manifest	------- 4159 bytes	[19:27 15/02/2009]	[23:17 27/07/2008] DCE556D166E39729ECBD2F0A8392578B
C:\WINDOWS\winsxs\Manifests\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6000.20883_none_98786bb36dade9ab.manifest	------- 4159 bytes	[19:27 15/02/2009]	[23:19 27/07/2008] F2E216CC3533A8056DED55BB2CB93CA0
C:\WINDOWS\winsxs\Manifests\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6001.18000_none_af1a5067545e7e10.manifest	------- 4159 bytes	[19:22 25/03/2008]	[00:05 19/01/2008] 0BF7F2EFDA9A76274D1857A0F4CB56A9
C:\WINDOWS\winsxs\Manifests\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6001.18111_none_af1b39c5545db159.manifest	------- 4159 bytes	[19:27 15/02/2009]	[23:42 27/07/2008] D7A980791A9DB4F28DAFEF88019ED49B
C:\WINDOWS\winsxs\Manifests\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6001.22230_none_984faa616e032a6c.manifest	------- 4159 bytes	[19:27 15/02/2009]	[23:28 27/07/2008] 21B9498164BA48DA9CE0FBE94FE5D5F3
C:\WINDOWS\winsxs\Manifests\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6002.18005_none_aef5d5a354b01224.manifest	------- 4159 bytes	[18:04 24/06/2009]	[23:16 10/04/2009] D478555750C328C944BFC492D2C93F1E
C:\WINDOWS\winsxs\Manifests\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6002.18706_none_aef5bddf54b02dfc.manifest	------- 4159 bytes	[19:13 09/01/2013]	[16:20 05/10/2012] C853A0725433275F6F2D224B6FD1B8DC
C:\WINDOWS\winsxs\Manifests\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6002.22944_none_982c45b36e53c06d.manifest	------- 4159 bytes	[19:13 09/01/2013]	[15:15 05/10/2012] 957AC708EDFBB4775E09428056D53200
C:\WINDOWS\winsxs\Manifests\x86_macrovision-protection-safedisc_31bf3856ad364e35_6.0.6000.16386_none_5b761551c05a7af8.manifest	--a---- 3007 bytes	[10:21 02/11/2006]	[10:11 02/11/2006] E9DA6BE30EDADD62CDCCCB639809E192
C:\WINDOWS\winsxs\Manifests\x86_macrovision-protection_31bf3856ad364e35_6.0.6000.16386_none_5ec30e2aca1e6a6b.manifest	--a---- 1152 bytes	[10:21 02/11/2006]	[10:01 02/11/2006] 6805EC56C23DC566158202ADBCE06E52
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.0.6000.16386_none_61dcc930c67f1797.manifest	--a---- 41481 bytes	[10:20 02/11/2006]	[10:17 02/11/2006] CFA6F29CC9DDB5EB544CC81905E374A0
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.0.6001.18000_none_64138b2cc36a286b.manifest	------- 41481 bytes	[19:22 25/03/2008]	[23:59 18/01/2008] 31BBE3CF1D1F6AC6500D4E2779300986
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.0.6002.18005_none_65ff0438c08bf3b7.manifest	------- 41436 bytes	[18:04 24/06/2009]	[23:37 10/04/2009] 97239FA43C66BC06C4A69B7EA93CD66B
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-i..eprotocol.resources_31bf3856ad364e35_6.0.6000.16386_en-us_12764b85b5ede388.manifest	--a---- 2801 bytes	[12:39 02/11/2006]	[12:39 02/11/2006] 8615F10E19848D04562CCE2B5F2DCA32
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-i..pprotocol.resources_31bf3856ad364e35_6.0.6000.16386_en-us_3221e323171f593d.manifest	--a---- 575 bytes	[12:39 02/11/2006]	[12:39 02/11/2006] 0490767B25065010EACA01E4FCD55F0B
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-iis-httpprotocol_31bf3856ad364e35_6.0.6000.16386_none_0a7a33d2fb5be052.manifest	--a---- 5405 bytes	[12:33 02/11/2006]	[12:33 02/11/2006] 7CD591D31EF1B569C27A920EAADA3068
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-iis-httpprotocol_31bf3856ad364e35_6.0.6001.18000_none_0cb0f5cef846f126.manifest	------- 5416 bytes	[19:22 25/03/2008]	[00:13 19/01/2008] 87C175F412D785DFD89F086FAF130504
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-irdacoreprotocol_31bf3856ad364e35_6.0.6000.16386_none_e5cdd6d9cc8cecdd.manifest	--a---- 6966 bytes	[10:21 02/11/2006]	[10:18 02/11/2006] 77681D91374563A563A3B96FFDB0DB17
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-n..essprotection-agent_31bf3856ad364e35_6.0.6000.16386_none_04617321f095e62f.manifest	--a---- 89034 bytes	[10:21 02/11/2006]	[10:09 02/11/2006] 5816C3A653FE3E6B6140BEC357FF5333
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-n..essprotection-agent_31bf3856ad364e35_6.0.6001.18000_none_0698351ded80f703.manifest	------- 105490 bytes	[19:21 25/03/2008]	[00:08 19/01/2008] 09C82E7A90FA672560887B57CD79BA21
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-n..essprotection-agent_31bf3856ad364e35_6.0.6002.18005_none_0883ae29eaa2c24f.manifest	------- 105397 bytes	[18:04 24/06/2009]	[23:36 10/04/2009] 083CE3D1A551FF4F761684AC1B13B61D
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-n..essprotection-netsh_31bf3856ad364e35_6.0.6000.16386_none_11bc6602330b63cc.manifest	--a---- 6479 bytes	[10:21 02/11/2006]	[10:18 02/11/2006] 072D57DAD32C04DBA3F2C501EBBC5FEC
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-n..essprotection-netsh_31bf3856ad364e35_6.0.6001.18000_none_13f327fe2ff674a0.manifest	------- 6812 bytes	[19:21 25/03/2008]	[00:08 19/01/2008] F9470B2C6855BE2CBB4938526C22D821
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-n..protection-statusui_31bf3856ad364e35_6.0.6000.16386_none_3b6442242b122836.manifest	--a---- 5375 bytes	[10:21 02/11/2006]	[10:13 02/11/2006] 8CF355EF9EFEF5BEC045E366E46FC328
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-n..protection-statusui_31bf3856ad364e35_6.0.6001.18000_none_3d9b042027fd390a.manifest	------- 5375 bytes	[19:21 25/03/2008]	[00:02 19/01/2008] 9D44C7130172F8ABC0AF5ADAFD2A7771
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-n..sprotection-shvhost_31bf3856ad364e35_6.0.6000.16386_none_dd88a3d9f9d1de2b.manifest	--a---- 19678 bytes	[10:20 02/11/2006]	[10:04 02/11/2006] D6E916050011B7CB4744906307DD2928
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-n..sprotection-shvhost_31bf3856ad364e35_6.0.6001.18000_none_dfbf65d5f6bceeff.manifest	------- 20763 bytes	[19:21 25/03/2008]	[00:01 19/01/2008] 56D4E0B5B2A979C647CF2447DF8BCF60
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-n..ssprotection-client_31bf3856ad364e35_6.0.6000.16386_none_f52672f336272827.manifest	--a---- 5060 bytes	[10:21 02/11/2006]	[10:02 02/11/2006] 5A8316318F9F891AA771A11643800317
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-n..ssprotection-common_31bf3856ad364e35_6.0.6000.16386_none_b22ec79d82388539.manifest	--a---- 12453 bytes	[10:20 02/11/2006]	[10:18 02/11/2006] E1C6875A0852B835866942B2815970AA
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-n..ssprotection-common_31bf3856ad364e35_6.0.6001.18000_none_b46589997f23960d.manifest	------- 12453 bytes	[19:21 25/03/2008]	[00:05 19/01/2008] 40020262BC948703CCE016A8C9141DFA
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-n..ssprotection-hkmsvc_31bf3856ad364e35_6.0.6000.16386_none_0fd9ac9c995bb7e6.manifest	--a---- 16301 bytes	[10:21 02/11/2006]	[10:17 02/11/2006] 1645F6BDCBF4AD5A88638A09107F529C
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-n..ssprotection-hkmsvc_31bf3856ad364e35_6.0.6001.18000_none_12106e989646c8ba.manifest	------- 16301 bytes	[19:21 25/03/2008]	[00:00 19/01/2008] 5AFC9D313D08A2CB33EF3646B49112B0
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-s..ropertiesprotection_31bf3856ad364e35_6.0.6000.16386_none_617b94d21f98a2cd.manifest	--a---- 3789 bytes	[10:21 02/11/2006]	[10:08 02/11/2006] 6016BF0F37BAB768D8B29481D432C96B
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.0.6000.16386_none_4612529e3373b3d0.manifest	--a---- 10360 bytes	[10:20 02/11/2006]	[10:16 02/11/2006] 6C1234D68FC898BACCE1BCB299775DDC
C:\WINDOWS\winsxs\Manifests\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.0.6001.18000_none_4849149a305ec4a4.manifest	------- 10267 bytes	[19:21 25/03/2008]	[00:39 19/01/2008] E98FD25F6096F0580103629CB7C47BC7
C:\WINDOWS\winsxs\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6000.16386_none_af45ceab5406d544\System.DirectoryServices.Protocols.dll	--a---- 188416 bytes	[06:34 02/11/2006]	[01:14 20/10/2006] 6BDB34DABC3E43A399782FEEF2531616
C:\WINDOWS\winsxs\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6000.16720_none_af40550f540ba4b8\System.DirectoryServices.Protocols.dll	--a---- 188416 bytes	[19:26 15/02/2009]	[18:00 27/07/2008] F0D4CE77F1F9D9A7468335B1CE4C061B
C:\WINDOWS\winsxs\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6000.20883_none_98786bb36dade9ab\System.DirectoryServices.Protocols.dll	--a---- 188416 bytes	[19:26 15/02/2009]	[17:55 27/07/2008] F0D4CE77F1F9D9A7468335B1CE4C061B
C:\WINDOWS\winsxs\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6001.18000_none_af1a5067545e7e10\System.DirectoryServices.Protocols.dll	--a---- 188416 bytes	[19:49 25/03/2008]	[11:26 05/01/2008] 710FC83A1C3E2C64F18C342E22C57BA9
C:\WINDOWS\winsxs\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6001.18111_none_af1b39c5545db159\System.DirectoryServices.Protocols.dll	--a---- 188416 bytes	[19:26 15/02/2009]	[18:03 27/07/2008] F0D4CE77F1F9D9A7468335B1CE4C061B
C:\WINDOWS\winsxs\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6001.22230_none_984faa616e032a6c\System.DirectoryServices.Protocols.dll	--a---- 188416 bytes	[19:26 15/02/2009]	[17:58 27/07/2008] F0D4CE77F1F9D9A7468335B1CE4C061B
C:\WINDOWS\winsxs\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6002.18005_none_aef5d5a354b01224\System.DirectoryServices.Protocols.dll	--a---- 188416 bytes	[18:42 24/06/2009]	[04:42 30/03/2009] 891AA60D72C0D51286FD7792D53C2A12
C:\WINDOWS\winsxs\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6002.18706_none_aef5bddf54b02dfc\System.DirectoryServices.Protocols.dll	--a---- 188416 bytes	[19:17 09/01/2013]	[10:59 05/10/2012] 1E511EB755EB2329DA0D4798B2FD8C4B
C:\WINDOWS\winsxs\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6002.22944_none_982c45b36e53c06d\System.DirectoryServices.Protocols.dll	--a---- 188416 bytes	[19:17 09/01/2013]	[10:58 05/10/2012] D1162478DB5DF2AEB5B241093C495A07
C:\WINDOWS\winsxs\x86_divasx86.inf_31bf3856ad364e35_6.0.6001.18000_none_60480b0f3e8d2080\te_protm.2qm	--a---- 3225600 bytes	[19:47 25/03/2008]	[21:28 18/09/2006] C35D3ED0FA7621256F53FC7F38B441D3
C:\WINDOWS\winsxs\x86_divasx86.inf_31bf3856ad364e35_6.0.6001.18000_none_60480b0f3e8d2080\te_protm.am	--a---- 1167360 bytes	[19:47 25/03/2008]	[21:28 18/09/2006] 9A7D5272D89FE791F7F80CA21561006B
C:\WINDOWS\winsxs\x86_divasx86.inf_31bf3856ad364e35_6.0.6001.18000_none_60480b0f3e8d2080\te_protm.pm2	--a---- 2662400 bytes	[19:47 25/03/2008]	[21:28 18/09/2006] 22C259C9BE42D70D5207EEBCB401B668
C:\WINDOWS\winsxs\x86_divasx86.inf_31bf3856ad364e35_6.0.6001.18000_none_60480b0f3e8d2080\te_protm.pm3	--a---- 2959360 bytes	[19:47 25/03/2008]	[21:28 18/09/2006] F2017299F692CA0D9EC5D39BE9656740
C:\WINDOWS\winsxs\x86_microsoft-windows-iis-httpprotocol_31bf3856ad364e35_6.0.6000.16386_none_0a7a33d2fb5be052\protsup.dll	--a---- 20992 bytes	[12:36 02/11/2006]	[12:36 02/11/2006] A325AFB52610207F9E66580D63DF28FC
C:\WINDOWS\winsxs\x86_microsoft-windows-iis-httpprotocol_31bf3856ad364e35_6.0.6001.18000_none_0cb0f5cef846f126\protsup.dll	--a---- 19968 bytes	[19:49 25/03/2008]	[07:36 19/01/2008] 722A8D78D8CF89D8DEB8ADFC05A3B669
C:\WINDOWS\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6000.16386_none_0041f38286aeaf07\Microsoft-Windows-IE-ClientNetworkProtocolImplementation-DL.man	--a---- 20996 bytes	[12:34 02/11/2006]	[12:34 02/11/2006] DD57D146BB6DDDA5EBA077F84A3DF990
C:\WINDOWS\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\Microsoft-Windows-IE-ClientNetworkProtocolImplementation-DL.man	--a---- 20996 bytes	[12:34 02/11/2006]	[12:34 02/11/2006] DD57D146BB6DDDA5EBA077F84A3DF990
C:\WINDOWS\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\Microsoft-Windows-IE-ClientNetworkProtocolImplementation-DL.man	--a---- 20996 bytes	[12:34 02/11/2006]	[12:34 02/11/2006] DD57D146BB6DDDA5EBA077F84A3DF990
C:\WINDOWS\winsxs\x86_microsoft-windows-s..ropertiesprotection_31bf3856ad364e35_6.0.6000.16386_none_617b94d21f98a2cd\SystemPropertiesProtection.exe	--a---- 81920 bytes	[08:47 02/11/2006]	[09:45 02/11/2006] 37EDBB66FB07B9B5F808CFCE9DAAB361
C:\WINDOWS\winsxs\x86_microsoft-windows-s..rotection.resources_31bf3856ad364e35_6.0.6000.16386_en-us_bd6730159316dc36\SystemPropertiesProtection.exe.mui	--a---- 2560 bytes	[12:41 02/11/2006]	[12:41 02/11/2006] EBC00CE696176974A63364EBD42EB93A
C:\WINDOWS\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\protocol	--a---- 1358 bytes	[06:38 02/11/2006]	[21:41 18/09/2006] 7700D22FA108234E623D65FA72D9E29C
C:\WINDOWS\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6000.16386_none_47e1b1bb326f0fb4\SearchProtocolHost.exe	--a---- 204288 bytes	[12:34 02/11/2006]	[12:34 02/11/2006] 2A0B63014AD1ED027D47A58C89F4A1AA
C:\WINDOWS\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\SearchProtocolHost.exe	--a---- 179200 bytes	[19:50 25/03/2008]	[07:33 19/01/2008] 7A99D75362812EB91871FCFC55921304
C:\WINDOWS\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchProtocolHost.exe	--a---- 184832 bytes	[18:49 09/08/2008]	[05:18 27/05/2008] C4894B3B448B647BEDC9E916D181BDBE
C:\WINDOWS\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6002.18005_none_3d746908b76294a3\SearchProtocolHost.exe	--a---- 185344 bytes	[18:45 24/06/2009]	[06:27 11/04/2009] B5EF1DA337DB9859709A387638AC5E07

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Sorry for the delay in replying. I've been doing a lot of research and am still having trouble identifying what that scheduled task relates to. A couple of threads mentioned malware but others just didn't seem to know what it was for. It seems like the file is not there so it probably wouldn't hurt to delete the task but before doing that can you look at the entry in your scheduled tasks and let me know what file it points to or anything else it may say about it there please?

Task: {17409CE8-43BB-4CCB-A113-31E4DB21BA8B} - \IHUninstallTrackingTASK No Task File


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> Sorry for the delay in replying. I've been doing a lot of research and am still having trouble identifying what that scheduled task relates to. A couple of threads mentioned malware but others just didn't seem to know what it was for. It seems like the file is not there so it probably wouldn't hurt to delete the task but before doing that can you look at the entry in your scheduled tasks and let me know what file it points to or anything else it may say about it there please?
> 
> Task: {17409CE8-43BB-4CCB-A113-31E4DB21BA8B} - \IHUninstallTrackingTASK No Task File


This is not something I recognise.

The only scheduled tasks I know of are Norton Backup and Tuneup.


----------



## Cookiegal (Aug 27, 2003)

Yes but I wanted you to check the scheduled task to see if it gives us any clues as to what it wants to run.

Please follow these instructions to check that:

http://support.microsoft.com/kb/939039


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> Yes but I wanted you to check the scheduled task to see if it gives us any clues as to what it wants to run.
> 
> Please follow these instructions to check that:
> 
> http://support.microsoft.com/kb/939039


This is not a facility I have used before but I have now looked through Windows Task Scheduler and could not see any reference to "Task: {17409CE8-43BB-4CCB-A113-31E4DB21BA8B} - \IHUninstallTrackingTASK No Task File".

This includes hidden tasks.


----------



## Cookiegal (Aug 27, 2003)

Please run SystemLook again using this script and post the log.


```
:regfind
17409CE8-43BB-4CCB-A113-31E4DB21BA8
```


----------



## James321 (Apr 10, 2013)

I was having a problem previously where Ask.com had set itself as my home page. On Google Chrome I would get Ask.com search results even though pressing the Home key (the house shaped icon) would take me to the Google.com site.

We got rid of that problem but now it seems to have come back again of its own accord.

I have not performed any downloads or updates in between where I could have been asked to change my homepage. 

Could this be a sign of suspicious activity? Some malware does redirect you like this and I have also noticed that the browser in Chrome is very, very slow. If you type an address into the browser it can take as long as 10 seconds before any type appears. In the meantime a message says "Google Chrome is not responding".


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> Please run SystemLook again using this script and post the log.
> 
> 
> ```
> ...


```
SystemLook 04.09.10 by jpshortstuff
Log created at 11:53 on 25/08/2013 by G Alexander
Administrator - Elevation successful

========== regfind ==========

Searching for "17409CE8-43BB-4CCB-A113-31E4DB21BA8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17409CE8-43BB-4CCB-A113-31E4DB21BA8B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17409CE8-43BB-4CCB-A113-31E4DB21BA8B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IHUninstallTrackingTASK]
"Id"="{17409CE8-43BB-4CCB-A113-31E4DB21BA8B}"

-= EOF =-
```


----------
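The SystemLook result above finds the task only under the `TaskCache` registry keys, while the earlier scan line reported "No Task File". As an added example (not part of the thread and not code from any tool named in it), this PowerShell script lists every `TaskCache\Tree` entry that has no matching file under `%SystemRoot%\System32\Tasks`, which is where Task Scheduler keeps the task definitions on Vista and later; the variable names are illustrative.

```powershell
# Added example: report scheduled tasks that are registered in the registry
# (TaskCache\Tree) but have no task definition file on disk.
$treeRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
$taskDir  = Join-Path $env:SystemRoot 'System32\Tasks'

# Full registry name of the Tree key, used to derive each task's relative path.
$rootName = (Get-Item -Path $treeRoot).Name

Get-ChildItem -Path $treeRoot -Recurse | ForEach-Object {
    # Entries without an "Id" value carry no task GUID and are skipped.
    $id = $_.GetValue('Id')
    if (-not $id) { return }

    # Tree\<folder>\<task> mirrors System32\Tasks\<folder>\<task>.
    $relative = $_.Name.Substring($rootName.Length + 1)
    $expected = Join-Path $taskDir $relative

    # Flag the entry only when neither a task file nor a task folder exists
    # at the mirrored location.
    if (-not (Test-Path -LiteralPath $expected)) {
        New-Object PSObject -Property @{
            Task         = "\$relative"
            Id           = $id
            ExpectedFile = $expected
        }
    }
} | Format-Table -AutoSize Task, Id, ExpectedFile
```

Run it from an elevated PowerShell prompt, because a standard user cannot read `System32\Tasks` and every task would then be reported as missing its file.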



## Cookiegal (Aug 27, 2003)

Please remove the version of AdwCleaner that you have by opening the program and clicking on the Uninstall button.

Then download the latest version:

Please download ADWCleaner. Click on the *Download Now* button and save it to your desktop.

Close your browser and double-click on the AdwCleaner icon on your desktop to run the program.

Click on the *Scan* button. It may take several minutes to complete. When it is done click on the *Report* button and copy and paste the log here please.


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> Please remove the version of AdwCleaner that you have by opening the program and clicking on the Uninstall button.
> 
> Then download the latest version:
> 
> ...


```
# AdwCleaner v3.001 - Report created 26/08/2013 at 12:10:10
# Updated 24/08/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : G Alexander - MYHOME-PC
# Running from : C:\Users\G Alexander\Downloads\AdwCleaner (1).exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found C:\Program Files\Yontoo Layers
Folder Found C:\Users\G Alexander\AppData\Roaming\Uniblue\SpeedUpMyPC

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\speedupmypc

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19453

-\\ Google Chrome v

[ File : C:\Users\G Alexander\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [806 octets] - [26/08/2013 12:10:10]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [865 octets] ##########
```


----------



## Cookiegal (Aug 27, 2003)

Open AdwCleaner and click on the *Chrome* browser tab and be sure to *uncheck* any items listed there (there should only be one but even if there are more uncheck them all). If you don't uncheck them then you will lose your Chrome custom settings.

Then click on the *Folders* and *Registry* tabs and make sure all of the entries under both of those tabs are checked so that they do get removed. After doing that click on the *Clean* button and then click on *Report* and copy and paste the log that opens up in your next reply please.


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> Open AdwCleaner and click on the *Chrome* browser tab and be sure to *uncheck* any items listed there (there should only be one but even if there are more uncheck them all). If you don't uncheck them then you will lose your Chrome custom settings.
> 
> Then click on the *Folders* and *Registry* tabs and make sure all of the entries under both of those tabs are checked so that they do get removed. After doing that click on the *Clean* button and then click on *Report* and copy and paste the log that opens up in your next reply please.


I had to run the entire scan again to be able to do any of the above.

Under the Chrome browser tab was the text "##### C:\Users\G Alexander\AppData\Local\Google\User Data\Default\preference #####" but no box to uncheck beside it.

I will click the Clean button when you have okayed this.


----------



## Cookiegal (Aug 27, 2003)

If you don't use Chrome then go ahead and click on the Clean button but if you do let me know and we'll take care of what it found manually.


----------



## James321 (Apr 10, 2013)

Cookiegal said:


> If you don't use Chrome then go ahead and click on the Clean button but if you do let me know and we'll take care of what it found manually.


Yes, I do use Chrome.


----------



## Cookiegal (Aug 27, 2003)

OK then we'll use ComboFix to remove those entries. At the same time, we'll see if there's anything else that turns up that needs to be removed.

Please drag the version you have to the Recycle Bin and grab the latest version.

Please visit *Combofix Guide & Instructions* for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

You will also need to disable all of your security programs so they don't interfere with ComboFix. Please visit the following link for more information on how to disable them:

http://www.bleepingcomputer.com/forums/topic114351.html

Be sure to remember to re-enable them right after the scan.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## Number 18 (Dec 25, 2007)

What I noticed with Chrome in my Task Manager is that each tab has its own entry, like having 7 chrome.exe running.


----------

