Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My wife said I could get a new guitar if her PC is fixed!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

My wife said I could get a new guitar if her PC is fixed!

Unread postby Walshie100 » March 17th, 2014, 6:48 pm

Hi,
I'd be really grateful for your help?
I have a Windows 7 Professional machine which has been fine for a long while.
I run Trend Micro and Malware Bytes regularly and also CCleaner and do general maintenance. All return clear results in safe mood.
We're behind a firewall etc.

The machine has started to perform very poorly. Occasionally get a Windows warning to say a script has been running for a long time - but unable to identify what script etc.

DDS log:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16750 BrowserJavaVersion: 10.21.2
Run by Clare at 22:35:06 on 2014-03-17
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3539.2180 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
c:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Internet Content Filter\UpdateService.exe
C:\Windows\system32\mfevtps.exe
c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Internet Content Filter\mfeicfcore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Clare\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Content Filter\mfp.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/news
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [TouchFreeze] c:\users\clare\appdata\local\programs\touchfreeze\TouchFreeze.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Free YouTube to iPod Converter - c:\users\clare\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetoipodconverter.htm
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/produ ... wsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://sslvpn.delarue.com/dana-cached/ ... Client.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{739F0FD0-2CBC-44D0-A234-3496567D9F66} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{739F0FD0-2CBC-44D0-A234-3496567D9F66}\2456C6B696E6F574F505C65737F5D494D4F4F5144435C4 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{739F0FD0-2CBC-44D0-A234-3496567D9F66}\34275616D602341666560275962756C6563737 : DHCPNameServer = 10.10.10.1
TCP: Interfaces\{739F0FD0-2CBC-44D0-A234-3496567D9F66}\64F4855435750514 : DHCPNameServer = 10.0.0.245 10.0.0.239
TCP: Interfaces\{739F0FD0-2CBC-44D0-A234-3496567D9F66}\750513742424B414 : DHCPNameServer = 192.168.0.125
TCP: Interfaces\{739F0FD0-2CBC-44D0-A234-3496567D9F66}\D4549554D264255454D275946494 : DHCPNameServer = 192.74.65.69 194.72.0.114
TCP: Interfaces\{AB32F540-C2BA-4D8A-AE5E-54DB9C01614A} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 wvauth
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2013-10-10 568632]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-10-10 213232]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-11-12 255968]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
R1 NEOFLTR_700_16899;Juniper Networks TDI Filter Driver (NEOFLTR_700_16899);c:\windows\system32\drivers\NEOFLTR_700_16899.SYS [2011-1-12 84336]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-5-15 1803512]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-12-10 386848]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-10-10 169320]
R2 mfeicfcore;McAfee Internet Content Filter Core Service;c:\program files\internet content filter\mfeicfcore.exe [2013-10-10 2048504]
R2 mfeicfupdate;McAfee Internet Content Filter Update Service;c:\program files\internet content filter\UpdateService.exe [2013-10-10 1654520]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-10-10 172416]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-12-22 77312]
R3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2010-3-23 540288]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-3-23 260648]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-3-22 29472]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-3-23 122368]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-10-10 235520]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-10-10 365224]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-3-23 6114816]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-7-25 162672]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-3-23 47104]
S3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-3-23 49152]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-3-23 38400]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-23 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-18 1343400]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2014-03-17 22:28:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-17 22:28:09 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-01 17:30:19 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-02-01 17:29:01 1505280 ----a-w- c:\windows\system32\d3d11.dll
.
============= FINISH: 22:35:42.84 ===============
Walshie100
Regular Member
 
Posts: 29
Joined: March 17th, 2014, 6:33 pm
Advertisement
Register to Remove

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby pgmigg » March 19th, 2014, 12:07 am

Hello Walshie100,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

In the meantime...

Please post the Attach.txt which is the second part of DDS logs as it is required by MRU policy at THIS topic, which you should have read, and which tells you what we need you to post so that we can help you.

Then I will review your logs and will return, as soon as possible, with additional instructions...

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3178
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby Walshie100 » March 19th, 2014, 2:41 am

Hi,
Thanks for coming back to me and apols for not posting the attach.txt - my misunderstanding.

Here it is:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 26/03/2010 18:55:01
System Uptime: 17/03/2014 22:26:28 (0 hours ago)
.
Motherboard: Dell Inc. | | 0D696C
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | Microprocessor | 785/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 232 GiB total, 176.196 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart B110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart B110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart B110 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart B110 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
==== System Restore Points ===================
.
RP256: 27/12/2013 18:49:26 - Scheduled Checkpoint
RP257: 13/01/2014 20:05:46 - Scheduled Checkpoint
RP258: 25/01/2014 19:35:51 - Installed HiJackThis
RP259: 01/02/2014 17:27:46 - Windows Update
RP260: 17/02/2014 16:34:08 - Scheduled Checkpoint
RP261: 25/02/2014 21:43:56 - Scheduled Checkpoint
RP262: 07/03/2014 17:51:10 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Flash Player 12 ActiveX
Adobe Reader 9.5.5
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Software
AVG 2011
B110
BioAPI Framework
Bonjour
Broadcom NetXtreme-I Netlink Driver and Management Installer
BufferChm
CCleaner
Coupon Printer for Windows
DCP32MMWrapper
Dell Control Point
Dell ControlPoint Connection Manager
Dell ControlPoint Security Manager
Dell ControlPoint System Manager
Dell Edoc Viewer
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Dell Touchpad
Destinations
DeviceDiscovery
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
Free YouTube to iPod Converter version 3.9.29
Gemalto
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.5.0.457
GPBaseService2
HiJackThis
HP Customer Participation Program 14.0
hp deskjet 5550 series (Remove only)
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
hp print screen utility
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPAppStudio
HPPhotoGadget
HPProductAssistant
HPSSupply
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software API
Intel(R) PROSet/Wireless WiFi Software Driver
Intel® Matrix Storage Manager
iTunes
Java 7 Update 21
Java Auto Updater
Java(TM) 6 Update 17
Juniper Networks Secure Application Manager
Junk Mail filter update
Learning Ladder 3
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
McAfee Family Protection
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
NTRU TCG Software Stack
PowerDVD DX
Preboot Manager
Private Information Manager
PS_AIO_07_B110_SW_Min
QuickTime
QuickTransfer
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Wizards
Shop for HP Supplies
Skype™ 6.7
SmartWebPrinting
SO32MMWrapper
SolutionCenter
Status
Toolbox
TouchFreeze
TrayApp
Trusted Drive Manager
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
UPEK TouchChip Fingerprint Reader
Wave Infrastructure Installer
Wave Support Software
WebReg
WIDCOMM Bluetooth Software
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinZip 17.0
.
==== Event Viewer Messages From Past Week ========
.
17/03/2014 22:27:59, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
17/03/2014 22:27:36, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
17/03/2014 22:26:55, Error: Service Control Manager [7024] - The AVG WatchDog service terminated with service-specific error %%-536805315.
17/03/2014 21:53:04, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.
17/03/2014 21:53:02, Error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: %%-2147467243
17/03/2014 21:51:46, Error: Service Control Manager [7038] - The bthserv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
17/03/2014 21:51:46, Error: Service Control Manager [7000] - The Bluetooth Support Service service failed to start due to the following error: The service did not start due to a logon failure.
17/03/2014 21:41:09, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================

Hope that this is helpful and thanks again!
S
Walshie100
Regular Member
 
Posts: 29
Joined: March 17th, 2014, 6:33 pm

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby pgmigg » March 19th, 2014, 12:08 pm

Hello Walshie100,

Thanks for coming back to me and apols for not posting the attach.txt - my misunderstanding.
Don't worry - we are human and it is our nature to make mistakes from time to time... :)

While I study your logs, please answer me a couple of questions:
  • Please tell me is this computer used for business purposes and connected to a business or educational network?
    I need to know it - so I can provide the proper instructions.
  • Microsoft Office Enterprise 2007
    Can you tell me how you obtained your copy of Microsoft Office Enterprise 2007?

Then:

Step 1.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 2.
MGA Diagnostics
I need you to run a tool which will aid in determining what additional steps we'll need to perform.
  1. Please download this tool from Microsoft and save it to your Desktop.
  2. Right click on MGADiag.exe and select Run As Administrator to run it.
  3. Click "Run" again and then click "Continue".
  4. The program will run. It takes a while to finish the diagnosis, please be patient.
  5. Once done, click on Copy.
  6. Open Notepad and paste the contents in. Save this file and post it in your next reply.

Step 3.
Run CodeCheck Scan
  1. Please download codecheck from here to your Desktop.
  2. Make sure that codecheck.exe is on the your Desktop before running the application!
  3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Answers to my questions related to type of using of your computer and the origin of Microsoft Office .
  3. Contents of CKFiles.txt log file
  4. Contents of a log created by MGADiag.exe
  5. Contents of the codecheck.txt log file

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3178
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby Walshie100 » March 19th, 2014, 1:48 pm

Hi There,
The machine is used for home use and on the home network and not connected to a business or Ed network.
I bough the copy of Office through Microsoft VAR programme - my employer has an arrnagement with MS to enable us to buy MS products at a discount.
The copy is fully licenced and I have the correct key etc.

I will run the steps that you have suggested this evening and post back as soon as I have all the necessary updates.
Thanks again,
S
Walshie100
Regular Member
 
Posts: 29
Joined: March 17th, 2014, 6:33 pm

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby Walshie100 » March 19th, 2014, 2:18 pm

Hi again,
I have run the steps which you asked me to complete and the outcomes posted in next couple of post.

CK files: No problem running this at all.

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files\dorling kindersley\learning ladder 3\media\notions\francais\m0501son\crack.aif
scanner sequence 3.AP.11.LWNAFZ
----- EOF -----
Walshie100
Regular Member
 
Posts: 29
Joined: March 17th, 2014, 6:33 pm

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby Walshie100 » March 19th, 2014, 2:22 pm

Hi,
Please find MGA Diagnostic outcome posted below:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
Windows Product ID: 00371-OEM-8992671-00524
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {42C129B8-79D1-42BD-BB11-634ADCBB422B}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{42C129B8-79D1-42BD-BB11-634ADCBB422B}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-4264242866-4040763346-4289907682</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude E5400 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A15</Version><SMBIOSVersion major="2" minor="4"/><Date>20091105000000.000000+000</Date></BIOS><HWID>88BA3407018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>M09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>8D0385E6CC18ECE</Val><Hash>wutAkIuI9kE+1WbP1GdA2yIWsM4=</Hash><Pid>81599-871-1673704-65905</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700524-02-1033-7600.0000-0812010
Installation ID: 013432312150812636380250300415885632782362530971181726
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 733WD
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 19/03/2014 18:20:05

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 1:25:2014 15:37
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NAAAAAEAAgABAAIAAAABAAAABAABAAEA6GEcVxjegMlaCwJ/nDf2BRJ9YMVOB7b4kD9Gyg==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL M09
FACP DELL M09
HPET DELL M09
MCFG DELL M09
____ DELL M09
ASF! DELL M09
TCPA
SLIC DELL M09
SSDT PmRef CpuPm
Walshie100
Regular Member
 
Posts: 29
Joined: March 17th, 2014, 6:33 pm

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby Walshie100 » March 19th, 2014, 2:26 pm

HI,
Outcome of the codecheck below:

This seemed to be fine but the output is very short (could be my error if this isn't what you were expecting?)

Codecheck Version 1.0

03019
Walshie100
Regular Member
 
Posts: 29
Joined: March 17th, 2014, 6:33 pm

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby pgmigg » March 19th, 2014, 4:11 pm

Hello Walshie100,
I bough the copy of Office through Microsoft VAR programme - my employer has an arrnagement with MS to enable us to buy MS products at a discount.
The copy is fully licenced and I have the correct key etc.
Please note, that Microsoft Office Enterprise 2007 is not sold to individual home computer users and hence is not generally legal on a home computer even it was bought via your employer.

I strongly recommend that you uninstall Microsoft Office Enterprise 2007, however that choice is up to you.
  • If you choose NOT to remove this program, please indicate that in your next reply and ignore the remaining steps.
  • If you choose to remove this program then perform the following steps:

Then:
Your copy of Windows 7 Pro is not legitimate. You are using an OEM SLP copy of Windows 7 on a computer that was built 11/05/2009 which is more than a year before Windows 7 released to manufacturers at 10/21/2010. You could not use a Dell recovery disk to "upgrade" from an earlier version of Windows because the OEM SLP (System-Locked Preinstallation) copies require special codes in the BIOS in order to self activate. The BIOS on your motherboard does not contain the needed codes for Windows 7 Professional. This copy cannot be activated.

Please reinstall the previous copy of Windows or purchase a full license copy of Windows 7 and reinstall that.

Per our policy concerning illegally licensed software, I can offer you no further assistance as long as you have Microsoft Office Enterprise 2007 installed or issue related to illegal copy of Windows is not resolved.

Please include in your next reply:
  1. Your decision concerning the removal of Microsoft Office Enterprise 2007
  2. Your decision concerning the re-installation of Windows 7

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3178
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby Walshie100 » March 19th, 2014, 4:39 pm

Hi,
Thanks for the note.
However, I think that there is a misunderstanding.
I work the NHS in the UK. The NHS entered into a home use agreement with MS a few years ago and a part of that agreement was that direct employees were able to buy a version of MS office and some other products from MS, and through the employer. The licence provides for home use. Please see the following link for some details on the agreement. You will see the specific provision for home use set out in para 6.

http://www.ehi.co.uk/news/EHI/913/micro ... with-npfit

I hope that this provides the assurance that you need wrt Office. I assure you that I would not use illegal software.

On the comment on the version of Windows 7.
The Dell latitude E5400 was bought directly from Dell and was bought preloaded with Windows 7 professional.
The machine was bought from the Dell website directly and was on offer as the model was to be withdrawn. I bough the machine as it is for my wife who was to use the machine for mostly email and browsing and therefore the specification was less of an issue.

I am at a loss how I prove this last point though. I have just tried to look for the original sales invoice - but it is a while ago and I cant seem to find it. I will look for an e-copy of the sales invoice / confirmation and get back to you. Is there any other way that I can verify the build / version of Windows for you?

Can you let me know please?
Thanks,
S
Walshie100
Regular Member
 
Posts: 29
Joined: March 17th, 2014, 6:33 pm

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby Walshie100 » March 19th, 2014, 4:57 pm

Hi again,
I have managed to find an archive copy of the original sale invoice for the machine which I can email to you if that would be helpful.
It contains my home address and info that I'd prefer not to post (unless I really have to) so email would be better?

Some details for now;
Order number:
Date: 21/03/2010 Scheduled delivery date: 13/04/2010.

I have added an copy cut from the sales order here:

Customer No: GB10941456 Order Date: 21/03/2010 Dell Order No: 25544056 Page 1 of 2
Payment Terms Credit/Deb.Card
Internet Receipt No: xxxxxxxxxxxx
Booking Reference: 31591028
Account Manager Online Order
Account Manager Tel 0870 906 0010
Account Manager Fax 0
Account Manager Email UKI_Internet_NoReply@Dell.com
Registered in Ireland No. 191034, Registered Office: Dell Products, 70 Sir John Rogerson's Quay, Dublin 2, Ireland, VAT Registration No. GB. 804 9468 11,
WEE/CE0092VV. An up-to-date list of the name of every company director containing the particulars indicated in paragraphs (a), (b) and (c) of Section 196 (1) of the
Companies Act 1963, is available on application from the company's registered office.
This is confirmation of your recent Dell order.
The Estimated Delivery Date for this order is on or before 13/04/2010
Order Status
To check on the progress of your order please go to: www.dell.co.uk/status
You will need your customer number GB10941456 and Your Order Number
If you have given us an email address please check it regularly for up to date information about your order
Frequently Asked Questions
For answers to the most Frequently Asked Questions please go to: www.dell.co.uk/help
Your invoice will arrive separately 10 days after the delivery of your order - it will be sent by post.
Item No. Description Quantity Unit Price Net VAT
210-26526 Latitude E5400 : Intel Core 2 Duo P8700(2.53GHz,1066MHz,3MB) 1 639.00 639.00 S
200-64453 L0254002 1 S
212-10014 Base Options : Dual Pointing touchpad with Fingerprint Reader 1 S
230-11354 Display : 14.1 inch Wide Screen WXGA LED LCD Panel without Camera, without WWAN, 1 S
340-15387 Documentation : English Shipping Docs 1 S
370-13334 Memory : 4096MB (2x2048) 800MHz DDR2 Dual Channel 1 S
400-14974 Hard Drive : 250GB Serial ATA (5400RPM) 1 S
641-10020 Windows Live 1 S
429-13154 Optical Drive : 8X DVD+/-RW Drive 1 S
429-13175 Optical Drive : Power DVD 8.3 Software and Media included 1 S
429-12488 Optical Drive : Roxio Creator 10.3 Software with Recovery CD 1 S
450-11991 Power Cord : UK/Ireland 90W AC Adaptor 3-pin 1 S
451-10602 Battery : Primary 6-cell 56W/HR LI-ION 1 S
460-10293 Carry Case : Neoprene Black Sleeve Case for 14in Laptops 1 S
555-11474 Wireless : Intel WiFi Link 5300 (802.11 a/b/g/n 3X3) 1/2 MiniCard with Centrino label Not for Russia or
Ukraine
1 S
555-11563 Wireless : Dell Wireless 370 Bluetooth 1 S
583-12089 Keyboard : Internal UK/IR Qwerty Dual Pointing Keyboard 1 S
613-10570 Software Driver : Latitude E5400 1 S
613-10571 Software Driver : Recovery DVD 1 S
619-20040 Operating System : English Genuine Windows 7 Professional (32Bit OS) 1 S
620-11914 OS Media : MUI Windows 7 Professional (32Bit OS) Resource DVD 1 S
Walshie100
Regular Member
 
Posts: 29
Joined: March 17th, 2014, 6:33 pm

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby pgmigg » March 19th, 2014, 5:51 pm

Hello Walshie100,

Thank you for detailed explanation and especially for the microsoft-signs-new-software-deal-with-npfit link! No more questions. My doubts were resolved! :)

Let start our treatment...

Step 1.
For safety reason (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instructions sets...
Create a System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 2.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without into the open text entry box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
     appwiz.cpl 
    and press Enter - the Unistall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    Coupon Printer for Windows
    HiJackThis
    Java 7 Update 21
    Java Auto Updater
    Java(TM) 6 Update 17
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.

Step 3.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of a OTL.txt log file
  3. Contents of a Extras.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3178
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby Walshie100 » March 19th, 2014, 7:02 pm

Hi again,
Second log file is here:

OTL Extras logfile created on: 3/19/2014 10:43:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Clare\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.46 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 61.85% Memory free
6.91 Gb Paging File | 5.46 Gb Available in Paging File | 78.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.96 Gb Total Space | 176.30 Gb Free Space | 76.00% Space Free | Partition Type: NTFS

Computer Name: CLARE-PC | User Name: Clare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03FA6B13-4402-4725-B998-FE40D16895B7}" = lport=138 | protocol=17 | dir=in | app=system |
"{0B52C416-482E-45E0-B97C-73BADC95F850}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12D040F5-F0E2-4F41-B57B-C4CED926E5E0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{207AC93E-0562-4A23-9BD1-2F4AC3C8C911}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{23EC77C4-B881-46FF-88AD-05957E39AC71}" = rport=10243 | protocol=6 | dir=out | app=system |
"{29DAF720-F607-4BF4-96AE-63A8628AB35B}" = lport=137 | protocol=17 | dir=in | app=system |
"{2BA96AEB-4C0D-4105-B96A-421DF147E407}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{383997A5-F866-459F-924F-6D159004607A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{452692B3-535D-43F1-992B-2605FC9D662A}" = rport=139 | protocol=6 | dir=out | app=system |
"{575B8727-9D98-4B6B-822F-D083CB9990D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{60DDC3EC-1A27-4296-8F3A-91047E2AA0B7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{692FCDAF-D3B9-4639-8FFE-DA8912C28925}" = lport=139 | protocol=6 | dir=in | app=system |
"{6F865FB0-F475-4762-B00C-A8D2D1CEFE22}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{786E067F-B633-44EF-91FD-B138F8C04592}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{81335239-0EEB-4271-9942-3C3AA03DFADC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{858201FC-DEE9-4206-8143-925F02C4F0CA}" = rport=138 | protocol=17 | dir=out | app=system |
"{8D1CE338-A8D0-429C-979A-F92B6A58282F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{90A1FD8A-2592-455B-A6A6-ABDA10877298}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9832B2EF-8965-46B9-8732-12DAF0205E00}" = lport=445 | protocol=6 | dir=in | app=system |
"{9DA3E106-3E40-4A73-B2CB-8C7E44E7B62C}" = rport=137 | protocol=17 | dir=out | app=system |
"{AEE41A1F-DFC9-4311-9CF8-B14799821F8C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B433DF24-59F4-4D6F-B147-F1D2D8835A62}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BA086BEF-4322-4F64-BC36-260F8462D265}" = rport=445 | protocol=6 | dir=out | app=system |
"{BE08A810-F21C-400A-8C57-EB9E3E2889A5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C196085D-2BF7-4110-851C-33F365C08FFD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C37387AC-A261-433C-BA18-9C721F7B51B0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FF40D6B4-39F6-4A9A-9E0E-C4FCBC204A72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00ECEBB7-84BF-4A29-B921-EBDD011DE1D3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{08552954-1B7F-46A0-BE34-C2D35983D712}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{0A9AC6A6-9E31-42BD-9ABD-20E15EDE5882}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0AB8C667-A9B4-489A-BF32-3324E2761A49}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{11E7AE48-5AEE-495D-8DF3-4FEB6F08E848}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{11E85092-1F02-446D-8085-956B8F5B86A3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{138A288A-76D6-48AF-9C3C-92D3212E01ED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{18CD597C-A072-432D-A894-E78F4D220DED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{1D7B9F90-B587-4C7B-8366-9F1464F68A34}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{21981646-3D62-478D-AEA1-4B90A2CA2A81}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{2AE4FAAC-6F69-4058-8B96-33E21BC44B00}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3639DD97-27A2-4A4E-9C66-BD3646511D40}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3934B79F-7895-47D9-8E3C-BF51434396FD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{39BA0999-1528-41EB-AD8D-149950AFC703}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3D0EEA99-17A0-4C67-AED4-86C6F0C50408}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{49D81688-9768-4190-9F5A-B0FBD1017165}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{4F3BFE8C-90E2-4DB2-9699-FB498F42CB67}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4FD350EB-E7D4-4B75-8C2D-AC3A16B9467B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{5038C647-1296-4849-86DC-C878777615E8}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{5338C2E3-680D-4D38-B0D2-E3439C493E0C}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{5A743B81-4667-4B79-A5C4-7349187FD318}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{5E01BC97-907A-412A-AF71-F0FC01F3FB12}" = protocol=6 | dir=out | app=system |
"{5F3BE043-10F1-4B7B-87A7-84A91CCB4DE5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60171AD3-FCB8-4E61-807F-70DF135A984D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{627984DB-F50A-4512-BE04-749996520849}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{631A450F-8E87-4F08-8390-EE25F1CCCB4B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{6C5B3E25-BA4B-4A02-8F23-8772B34BD694}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{7691CC40-9733-40E1-B098-416293D8704F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{7C4F7EB5-3B99-4248-AFD2-B1505AAF84E1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{8A4B709F-39EA-4BA2-8D20-03D30618B5C5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9703F75F-D299-4770-A10C-D9C752C86A49}" = dir=in | app=d:\setup\hpznui01.exe |
"{9D811316-F7ED-446D-9287-F38BFA030D1A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9F85561D-A245-4367-BEBC-2549DBBB68C7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9F9DEDC4-B253-408F-AE02-2CA745C0EA72}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A490F469-DA54-4FD6-BDEB-AC45DD054E6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF420BF7-883E-493A-B480-AF628AEAE6D5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{BD916368-5BCB-4216-B7F8-4765DC11EBC2}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{BDE1DCEC-9897-451E-84E9-883EF0B39A9A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C22C89C7-0CF9-458F-AFDE-AADA1D7EFE74}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{C3528AB0-D25E-4A3F-B64C-3BA9F02F4385}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C5B0A2D0-27CE-429C-8D16-FD55D6529B49}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D3BDD248-E371-47B1-8857-3FB0E3C647E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DDF37ADC-6CCD-4954-B1AF-CF9A89A1B54F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E00D86BD-054D-4323-B791-124B09C6104C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E87562FE-9066-4EF9-9E74-4E1AE55CAF38}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{EBA39049-C456-414D-90D2-B5FC92A89E5C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{ED6DF3B6-61EB-47A4-9739-3C2D42AC92EB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F4856A43-0630-4EBF-89C0-4C4C653ADA06}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{F5112781-C0B7-4B05-8110-6C04D6C46ABA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{F9F7C999-4BBE-4238-93B6-E348C3978619}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FE318943-E2E6-477F-9510-35CF9DD4F270}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{FF0988F3-3F20-4AE2-AECE-8D25609FD2EC}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"TCP Query User{74626054-7ACC-4AE1-9E08-ED01A2A03EE4}C:\program files\internet content filter\pop3proxy.exe" = protocol=6 | dir=in | app=c:\program files\internet content filter\pop3proxy.exe |
"TCP Query User{BA213D00-8419-4AD1-8C01-280262675B85}C:\program files\internet content filter\pop3proxy.exe" = protocol=6 | dir=in | app=c:\program files\internet content filter\pop3proxy.exe |
"TCP Query User{CE3E394A-0689-459B-9252-5B71327604C5}C:\users\clare\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\clare\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4359150E-4B8A-4E8B-A6EC-02F13AD66EB8}C:\users\clare\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\clare\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4E3DF281-B5FA-4E92-BE30-D2ABDF9A9758}C:\program files\internet content filter\pop3proxy.exe" = protocol=17 | dir=in | app=c:\program files\internet content filter\pop3proxy.exe |
"UDP Query User{5B46993D-6EC6-4C57-A80E-AD532C7B460F}C:\program files\internet content filter\pop3proxy.exe" = protocol=17 | dir=in | app=c:\program files\internet content filter\pop3proxy.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
"{014E482A-0C27-47E3-BA82-307E9DCA2F47}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{057159C5-3B94-4E36-9271-11615618CACE}" = Dell ControlPoint System Manager
"{05D08C4D-58A2-438B-A419-EE994E64E15D}" = B110
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{083CE5FA-E750-4594-B8D1-13994B297A02}" = Wave Infrastructure Installer
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{101B7840-4A21-427C-BE9A-3B9D2807116C}" = Learning Ladder 3
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{284D3B99-E8F5-4411-A7DD-7072EFCF3A46}" = Dell ControlPoint Connection Manager
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{39A6407B-DD99-410D-8EA2-280788F8423B}" = Dell Control Point
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{56504C77-8B9F-4EB2-B33B-C5B9F50B5D64}" = AVG 2011
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{59333B51-EA3C-4D7B-9AFE-96AD51B3C266}" = AuthenTec Fingerprint Software
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B45608A-DC45-4F3B-921F-61CDA22C9A83}" = Intel(R) PROSet/Wireless WiFi Software Driver
"{8E4B1BE8-DCF3-4B90-A726-B28107442623}" = SolutionCenter
"{8EB29D71-DE8D-4B49-8833-F508ECF0BE59}" = DCP32MMWrapper
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98AAE759-09CD-4428-BE93-1AFA79D9F7CA}" = Intel(R) PROSet/Wireless WiFi Software API
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9744E5-2BB7-4042-BD1C-8A339480A08C}" = TouchFreeze
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96FA488-2856-437F-8EAC-1FD67F0EE32C}" = McAfee Family Protection
"{AA5D239E-2D22-4569-9055-822D08F1D917}" = AVG 2011
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D6}" = WinZip 17.0
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D657DFB4-5DD9-4A2B-AEC9-3BBE25541EE7}" = SO32MMWrapper
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DDD6BE8C-9AFA-48F1-A6AE-3BD596E2EB0B}" = Trusted Drive Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F80BD4BC-06B8-488E-A62E-C4755013DD71}" = Network
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG" = AVG 2011
"CCleaner" = CCleaner
"ENTERPRISER" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"hp deskjet 5550 series" = hp deskjet 5550 series (Remove only)
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"hp print screen utility" = hp print screen utility
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"ProInst" = Intel PROSet Wireless
"Shop for HP Supplies" = Shop for HP Supplies
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4264242866-4040763346-4289907682-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/18/2014 4:18:56 PM | Computer Name = Clare-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 3/18/2014 4:18:56 PM | Computer Name = Clare-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 3/18/2014 4:18:56 PM | Computer Name = Clare-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 3/18/2014 4:18:56 PM | Computer Name = Clare-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 3/18/2014 4:23:22 PM | Computer Name = Clare-PC | Source = VSS | ID = 8193
Description =

Error - 3/19/2014 2:12:11 PM | Computer Name = Clare-PC | Source = Application Hang | ID = 1002
Description = The program CKScanner.exe version 2.4.2.1 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 151c Start
Time: 01cf439e99d524af Termination Time: 16 Application Path: C:\Users\Clare\Downloads\CKScanner.exe

Report
Id: fa94761a-af91-11e3-a4cd-904ce5cee7c4

Error - 3/19/2014 6:24:57 PM | Computer Name = Clare-PC | Source = VSS | ID = 8193
Description =

Error - 3/19/2014 6:33:10 PM | Computer Name = Clare-PC | Source = VSS | ID = 8193
Description =

Error - 3/19/2014 6:33:54 PM | Computer Name = Clare-PC | Source = VSS | ID = 8193
Description =

Error - 3/19/2014 6:35:00 PM | Computer Name = Clare-PC | Source = VSS | ID = 8193
Description =

[ Media Center Events ]
Error - 8/14/2013 8:39:12 PM | Computer Name = Clare-PC | Source = MCUpdate | ID = 0
Description = 01:39:12 - Error connecting to the internet. 01:39:12 - Unable
to contact server..

Error - 8/14/2013 8:39:20 PM | Computer Name = Clare-PC | Source = MCUpdate | ID = 0
Description = 01:39:17 - Error connecting to the internet. 01:39:17 - Unable
to contact server..

Error - 8/15/2013 9:42:30 PM | Computer Name = Clare-PC | Source = MCUpdate | ID = 0
Description = 02:42:30 - Error connecting to the internet. 02:42:30 - Unable
to contact server..

Error - 8/15/2013 9:42:39 PM | Computer Name = Clare-PC | Source = MCUpdate | ID = 0
Description = 02:42:35 - Error connecting to the internet. 02:42:35 - Unable
to contact server..

Error - 8/15/2013 10:42:43 PM | Computer Name = Clare-PC | Source = MCUpdate | ID = 0
Description = 03:42:43 - Error connecting to the internet. 03:42:43 - Unable
to contact server..

Error - 8/15/2013 10:42:49 PM | Computer Name = Clare-PC | Source = MCUpdate | ID = 0
Description = 03:42:48 - Error connecting to the internet. 03:42:48 - Unable
to contact server..

Error - 8/15/2013 11:45:54 PM | Computer Name = Clare-PC | Source = MCUpdate | ID = 0
Description = 04:45:54 - Error connecting to the internet. 04:45:54 - Unable
to contact server..

Error - 8/15/2013 11:45:59 PM | Computer Name = Clare-PC | Source = MCUpdate | ID = 0
Description = 04:45:59 - Error connecting to the internet. 04:45:59 - Unable
to contact server..

Error - 10/6/2013 3:20:40 AM | Computer Name = Clare-PC | Source = MCUpdate | ID = 0
Description = 08:20:40 - Error connecting to the internet. 08:20:40 - Unable
to contact server..

Error - 10/6/2013 3:21:00 AM | Computer Name = Clare-PC | Source = MCUpdate | ID = 0
Description = 08:20:46 - Error connecting to the internet. 08:20:46 - Unable
to contact server..

[ OSession Events ]
Error - 3/4/2013 5:02:51 PM | Computer Name = Clare-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11475
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/23/2013 12:37:03 PM | Computer Name = Clare-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13486
seconds with 1560 seconds of active time. This session ended with a crash.

Error - 5/30/2013 5:38:25 PM | Computer Name = Clare-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3664
seconds with 420 seconds of active time. This session ended with a crash.

Error - 6/8/2013 1:54:10 PM | Computer Name = Clare-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2075
seconds with 240 seconds of active time. This session ended with a crash.

Error - 6/16/2013 1:09:47 PM | Computer Name = Clare-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4395
seconds with 1260 seconds of active time. This session ended with a crash.

Error - 6/17/2013 5:07:24 PM | Computer Name = Clare-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 904
seconds with 60 seconds of active time. This session ended with a crash.

Error - 7/9/2013 5:25:24 PM | Computer Name = Clare-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 22295
seconds with 4920 seconds of active time. This session ended with a crash.

Error - 7/13/2013 4:17:47 AM | Computer Name = Clare-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7255
seconds with 1440 seconds of active time. This session ended with a crash.

Error - 7/15/2013 5:54:12 AM | Computer Name = Clare-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 127
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/9/2013 12:05:51 PM | Computer Name = Clare-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 16611
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/19/2014 2:07:53 PM | Computer Name = Clare-PC | Source = DCOM | ID = 10016
Description =

Error - 3/19/2014 4:17:24 PM | Computer Name = Clare-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 3/19/2014 4:17:27 PM | Computer Name = Clare-PC | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error %%-536805315.

Error - 3/19/2014 4:18:14 PM | Computer Name = Clare-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 3/19/2014 4:18:32 PM | Computer Name = Clare-PC | Source = DCOM | ID = 10016
Description =

Error - 3/19/2014 6:02:50 PM | Computer Name = Clare-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 3/19/2014 6:02:56 PM | Computer Name = Clare-PC | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error %%-536805315.

Error - 3/19/2014 6:03:58 PM | Computer Name = Clare-PC | Source = DCOM | ID = 10016
Description =

Error - 3/19/2014 6:08:04 PM | Computer Name = Clare-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 3/19/2014 6:38:50 PM | Computer Name = Clare-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = The Program Compatibility Assistant service failed to perform the
phase two initialization.


< End of report >
Walshie100
Regular Member
 
Posts: 29
Joined: March 17th, 2014, 6:33 pm

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby Walshie100 » March 19th, 2014, 7:05 pm

Hi,
First OTL log file here:

OTL logfile created on: 3/19/2014 10:43:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Clare\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.46 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 61.85% Memory free
6.91 Gb Paging File | 5.46 Gb Available in Paging File | 78.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.96 Gb Total Space | 176.30 Gb Free Space | 76.00% Space Free | Partition Type: NTFS

Computer Name: CLARE-PC | User Name: Clare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/19 22:36:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Clare\Desktop\OTL.exe
PRC - [2013/12/14 21:16:06 | 000,309,328 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/09/02 06:45:00 | 001,654,520 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Internet Content Filter\UpdateService.exe
PRC - [2013/09/02 06:44:04 | 003,331,920 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Internet Content Filter\mfp.exe
PRC - [2013/09/02 06:44:04 | 002,048,504 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Internet Content Filter\mfeicfcore.exe
PRC - [2013/08/07 11:59:14 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2013/08/07 11:55:26 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2013/08/02 00:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/07/24 19:26:54 | 000,040,960 | ---- | M] () -- C:\Users\Clare\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/01/05 19:23:58 | 000,034,232 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2010/01/05 13:04:04 | 000,147,328 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2009/12/22 10:23:34 | 000,077,312 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
PRC - [2009/12/10 12:44:26 | 001,327,392 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
PRC - [2009/12/10 12:41:38 | 000,386,848 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2009/11/24 14:48:36 | 001,148,264 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2009/11/24 14:48:32 | 000,132,456 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
PRC - [2009/11/20 16:42:48 | 000,278,304 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2009/11/02 10:40:54 | 000,657,920 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/09/21 13:55:12 | 000,858,384 | ---- | M] (Intel(R) Corporation) -- c:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/09/21 13:31:36 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/08/11 15:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/08/07 04:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 04:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/08/01 00:16:12 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/08/01 00:16:12 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe
PRC - [2009/06/24 19:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/19 22:57:40 | 000,249,856 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/05/15 16:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2009/02/01 08:15:38 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/02/01 06:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/11/24 21:56:46 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2002/03/18 11:12:50 | 000,188,416 | ---- | M] (HP) -- C:\Windows\System32\spool\drivers\w32x86\3\hpztsb05.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/01 18:39:53 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2014/02/01 18:36:48 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2014/02/01 18:36:40 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2014/02/01 18:35:48 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2014/02/01 18:35:38 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2014/02/01 18:35:35 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2014/02/01 18:35:07 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/07/24 19:26:54 | 000,040,960 | ---- | M] () -- C:\Users\Clare\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
MOD - [2012/07/24 19:26:54 | 000,034,304 | ---- | M] () -- C:\Users\Clare\AppData\Local\Programs\TouchFreeze\TouchFreeze.dll
MOD - [2010/03/22 20:09:12 | 000,046,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.453.27565__f25c74fcad379103\Status Lib.dll
MOD - [2010/03/22 20:09:12 | 000,014,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.453.27562__4ca2a925deedf37d\StatusInterfaces.dll
MOD - [2009/11/19 14:47:10 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2009/11/13 07:17:00 | 000,010,752 | ---- | M] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
MOD - [2008/11/12 12:24:40 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll


========== Services (SafeList) ==========

SRV - [2014/03/17 22:28:09 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/02 06:45:00 | 001,654,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Internet Content Filter\UpdateService.exe -- (mfeicfupdate)
SRV - [2013/09/02 06:44:04 | 002,048,504 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Internet Content Filter\mfeicfcore.exe -- (mfeicfcore)
SRV - [2013/08/07 11:59:14 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2013/08/07 11:55:26 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2013/07/25 07:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 04:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/12/18 21:22:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/12/22 10:23:34 | 000,077,312 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2009/12/10 12:41:38 | 000,386,848 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/11/24 14:48:36 | 001,148,264 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/11/20 16:42:48 | 000,278,304 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2009/11/18 15:35:48 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2009/09/21 13:55:12 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/09/21 13:31:36 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009/08/11 15:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/07 04:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/08/01 00:16:12 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe -- (STacSV)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/05/15 16:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/11/12 12:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\NvtSp50.sys -- (NvtSp50)
DRV - [2013/08/07 11:59:26 | 000,213,232 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2013/08/07 11:56:38 | 000,568,632 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013/08/07 11:55:38 | 000,365,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2013/08/07 11:54:36 | 000,235,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2013/08/07 11:53:54 | 000,133,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/11/12 04:47:48 | 000,255,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/05/27 18:05:32 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/11/20 12:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 12:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 12:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 09:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 09:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/23 05:56:54 | 000,084,336 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\System32\drivers\NEOFLTR_700_16899.SYS -- (NEOFLTR_700_16899)
DRV - [2010/01/05 13:03:58 | 000,211,328 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/11/24 23:30:34 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/09/15 19:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/08/01 00:16:12 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/14 00:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 23:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
DRV - [2009/07/05 02:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/07/02 16:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/07/01 03:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/06/26 00:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/26 00:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/26 00:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/05/26 19:12:36 | 000,122,368 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009/05/16 01:56:06 | 000,540,288 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/05/11 10:55:12 | 000,084,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2008/06/04 12:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{DA3AD9F4-9AC3-4849-8864-B78AB9BC1487}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4264242866-4040763346-4289907682-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USREL/2
IE - HKU\S-1-5-21-4264242866-4040763346-4289907682-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news
IE - HKU\S-1-5-21-4264242866-4040763346-4289907682-1001\..\SearchScopes,DefaultScope = {DA3AD9F4-9AC3-4849-8864-B78AB9BC1487}
IE - HKU\S-1-5-21-4264242866-4040763346-4289907682-1001\..\SearchScopes\{0D257AF7-4790-4F4A-BC14-C622EE6D6118}: "URL" = http://search.avg.com/route/?d=4b3d2cf0 ... =chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
IE - HKU\S-1-5-21-4264242866-4040763346-4289907682-1001\..\SearchScopes\{1CB98906-8E2A-4238-BD61-51E6C4D4084F}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYGB&apn_uid=02DB62DF-A731-44B3-9DB1-B5EBA6C277BC&apn_sauid=D9BA71EA-1A24-4E7B-AAE7-645566202C47
IE - HKU\S-1-5-21-4264242866-4040763346-4289907682-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-4264242866-4040763346-4289907682-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4264242866-4040763346-4289907682-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/03 19:37:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2013/09/07 11:44:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/03 19:37:35 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - Extension: No name found = C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4264242866-4040763346-4289907682-1001\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\Windows\System32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\S-1-5-21-4264242866-4040763346-4289907682-1001..\Run: [TouchFreeze] C:\Users\Clare\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Clare\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/produ ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sslvpn.delarue.com/dana-cached/ ... Client.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{739F0FD0-2CBC-44D0-A234-3496567D9F66}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB32F540-C2BA-4D8A-AE5E-54DB9C01614A}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c80a2f2f-d93a-11e0-9717-904ce5cee7c4}\Shell - "" = AutoRun
O33 - MountPoints2\{c80a2f2f-d93a-11e0-9717-904ce5cee7c4}\Shell\AutoRun\command - "" = E:\laucher.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/19 22:36:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Clare\Desktop\OTL.exe
[2014/03/19 18:20:21 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2014/03/19 18:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2014/03/19 18:19:19 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Clare\Desktop\MGADiag.exe
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Users\Clare\Documents\*.tmp files -> C:\Users\Clare\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/19 22:36:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Clare\Desktop\OTL.exe
[2014/03/19 22:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/19 22:18:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/19 22:10:07 | 000,025,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/19 22:10:07 | 000,025,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/19 22:07:34 | 000,000,000 | ---- | M] () -- C:\Users\Clare\AppData\Local\WavXMapDrive.bat
[2014/03/19 22:07:33 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/19 22:07:27 | 000,628,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/19 22:07:27 | 000,110,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/19 22:02:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/19 22:02:48 | 000,001,024 | ---- | M] () -- C:\.rnd
[2014/03/19 22:02:46 | 2783,313,920 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/19 18:23:49 | 000,025,088 | ---- | M] () -- C:\Users\Clare\Desktop\codecheck.exe
[2014/03/19 18:19:19 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Clare\Desktop\MGADiag.exe
[2014/03/19 18:13:14 | 000,468,480 | ---- | M] () -- C:\Users\Clare\Desktop\CKScanner.exe
[2014/03/18 20:49:00 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/17 22:28:09 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/03/17 22:28:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Users\Clare\Documents\*.tmp files -> C:\Users\Clare\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/19 22:02:48 | 000,001,024 | ---- | C] () -- C:\.rnd
[2014/03/19 18:23:49 | 000,025,088 | ---- | C] () -- C:\Users\Clare\Desktop\codecheck.exe
[2014/03/19 18:13:14 | 000,468,480 | ---- | C] () -- C:\Users\Clare\Desktop\CKScanner.exe
[2014/01/25 18:21:54 | 000,206,945 | ---- | C] () -- C:\Users\Clare\AppData\Local\census.cache
[2014/01/25 18:21:49 | 000,128,592 | ---- | C] () -- C:\Users\Clare\AppData\Local\ars.cache
[2013/07/22 05:57:08 | 000,201,555 | ---- | C] () -- C:\Users\Clare\krakow8.pdf
[2013/07/22 05:56:55 | 000,202,053 | ---- | C] () -- C:\Users\Clare\krakow7.pdf
[2013/07/22 05:56:38 | 000,201,664 | ---- | C] () -- C:\Users\Clare\krakow5.pdf
[2013/07/22 05:56:25 | 000,201,956 | ---- | C] () -- C:\Users\Clare\krakow4.pdf
[2013/07/22 05:56:08 | 000,215,704 | ---- | C] () -- C:\Users\Clare\krakow3.pdf
[2013/07/22 05:55:53 | 000,216,422 | ---- | C] () -- C:\Users\Clare\krakow2.pdf
[2013/07/22 05:55:37 | 000,215,491 | ---- | C] () -- C:\Users\Clare\krakow1.pdf
[2013/07/22 05:55:14 | 000,216,326 | ---- | C] () -- C:\Users\Clare\BoardingPass.pdf
[2013/07/16 20:07:48 | 000,196,181 | ---- | C] () -- C:\Users\Clare\Tree_of_Life_by_graemeb.jpg
[2013/06/25 18:51:58 | 000,065,967 | ---- | C] () -- C:\Users\Clare\Certificate_of_Motor_Insurance_BCB9B8E3B7C6A51D1207668475B3483E.pdf
[2013/03/26 20:48:49 | 000,106,166 | ---- | C] () -- C:\Users\Clare\GT-I8160OKABTU-downloads.htm
[2012/12/27 20:59:21 | 001,163,206 | ---- | C] () -- C:\Users\Clare\25%20years%20recipe%20book.pdf
[2011/11/27 19:52:54 | 003,100,680 | ---- | C] () -- C:\Users\Clare\RedSaveCancel.pdf
[2011/09/01 15:42:21 | 000,004,096 | -H-- | C] () -- C:\Users\Clare\AppData\Local\keyfile3.drm
[2011/06/15 11:23:59 | 000,269,521 | ---- | C] () -- C:\Users\Clare\Philippines-50-(2010)-Sergio-Osmena-portrait-2.jpg
[2011/06/15 11:23:59 | 000,259,902 | ---- | C] () -- C:\Users\Clare\Philippines-20-(2010)-intaglio-denomination-tactility-detail-2.jpg
[2011/06/15 11:23:59 | 000,250,823 | ---- | C] () -- C:\Users\Clare\Philippines-1000-(2010)-intaglio-denomination-tactility.jpg
[2011/06/15 11:23:59 | 000,247,033 | ---- | C] () -- C:\Users\Clare\Philippines-50-(2010)-Sergio-Osmena-portrait.jpg
[2011/06/15 11:23:59 | 000,196,184 | ---- | C] () -- C:\Users\Clare\Philippines-1000-(2010)-undersea-world-detail.jpg
[2011/06/15 11:23:59 | 000,167,624 | ---- | C] () -- C:\Users\Clare\Philippines-1000-(2010)-watermark-detail.jpg
[2011/06/15 11:23:59 | 000,157,508 | ---- | C] () -- C:\Users\Clare\Philippines-50-(2010)-Sergio-Osmena-portrait-1.jpg
[2011/06/15 11:23:59 | 000,138,003 | ---- | C] () -- C:\Users\Clare\Philippines-50-(2010)-latent-image-detail-positive.jpg
[2011/06/15 11:23:59 | 000,136,867 | ---- | C] () -- C:\Users\Clare\Philippines-1000-(2010)-undersea-world-detail-1.jpg
[2011/06/15 11:23:59 | 000,126,152 | ---- | C] () -- C:\Users\Clare\Philippines-20-(2010)-intaglio-denomination-tactility-detail-1.jpg
[2011/06/15 11:23:59 | 000,125,376 | ---- | C] () -- C:\Users\Clare\Philippines-50-(2010)-latent-image-detail-negative.jpg
[2011/06/15 11:23:59 | 000,119,048 | ---- | C] () -- C:\Users\Clare\Philippines-200-(2010)-latent-image-detail-positive.jpg
[2011/06/15 11:23:59 | 000,100,117 | ---- | C] () -- C:\Users\Clare\Philippines-50-(2010)-lacework-border-detail.jpg
[2011/04/27 14:03:19 | 000,072,080 | ---- | C] () -- C:\Users\Clare\g2mdlhlpx.exe
[2010/11/17 17:53:17 | 000,000,036 | ---- | C] () -- C:\Users\Clare\AppData\Local\housecall.guid.cache
[2010/10/11 10:07:40 | 000,028,771 | -HS- | C] () -- C:\Users\Clare\Folder.jpg
[2010/10/11 10:07:40 | 000,007,225 | -HS- | C] () -- C:\Users\Clare\AlbumArtSmall.jpg
[2010/10/06 16:21:03 | 000,004,036 | ---- | C] () -- C:\Users\Clare\ikeaorder.pdf
[2010/03/26 18:55:56 | 000,000,000 | ---- | C] () -- C:\Users\Clare\AppData\Local\WavXMapDrive.bat

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/09/07 14:51:52 | 000,000,000 | ---D | M] -- C:\Users\Clare\AppData\Roaming\.minecraft
[2013/09/07 11:45:25 | 000,000,000 | ---D | M] -- C:\Users\Clare\AppData\Roaming\AVG10
[2010/03/26 18:55:56 | 000,000,000 | ---D | M] -- C:\Users\Clare\AppData\Roaming\Broadcom
[2013/09/07 14:49:50 | 000,000,000 | ---D | M] -- C:\Users\Clare\AppData\Roaming\Dropbox
[2011/02/10 17:01:32 | 000,000,000 | ---D | M] -- C:\Users\Clare\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/03/24 17:12:46 | 000,000,000 | ---D | M] -- C:\Users\Clare\AppData\Roaming\GetRightToGo
[2010/10/24 20:19:09 | 000,000,000 | ---D | M] -- C:\Users\Clare\AppData\Roaming\ICAClient
[2011/01/18 12:08:01 | 000,000,000 | ---D | M] -- C:\Users\Clare\AppData\Roaming\Juniper Networks
[2013/09/07 11:26:25 | 000,000,000 | ---D | M] -- C:\Users\Clare\AppData\Roaming\TuneUp Software
[2010/03/26 18:55:56 | 000,000,000 | ---D | M] -- C:\Users\Clare\AppData\Roaming\Wave Systems Corp
[2013/09/07 11:45:26 | 000,000,000 | ---D | M] -- C:\Users\Connor itunes\AppData\Roaming\AVG10
[2010/10/17 19:09:16 | 000,000,000 | ---D | M] -- C:\Users\Connor itunes\AppData\Roaming\Broadcom
[2010/10/17 19:09:16 | 000,000,000 | ---D | M] -- C:\Users\Connor itunes\AppData\Roaming\Wave Systems Corp
[2013/09/07 11:45:26 | 000,000,000 | ---D | M] -- C:\Users\Connors Itunes\AppData\Roaming\AVG10
[2013/04/01 16:13:04 | 000,000,000 | ---D | M] -- C:\Users\Connors Itunes\AppData\Roaming\Broadcom
[2012/12/11 18:27:52 | 000,000,000 | ---D | M] -- C:\Users\Connors Itunes\AppData\Roaming\TuneUp Software
[2013/04/01 16:13:05 | 000,000,000 | ---D | M] -- C:\Users\Connors Itunes\AppData\Roaming\Wave Systems Corp
[2012/12/11 18:27:52 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/12/11 18:27:52 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >
Walshie100
Regular Member
 
Posts: 29
Joined: March 17th, 2014, 6:33 pm

Re: My wife said I could get a new guitar if her PC is fixed

Unread postby Walshie100 » March 19th, 2014, 7:09 pm

Hi,
Thanks for your help and hope that this is what you need?
Thanks,
S
Walshie100
Regular Member
 
Posts: 29
Joined: March 17th, 2014, 6:33 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 53 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware