I am a new member here, so if I have posted anything incorrectly, accept my apologies and please advise so I can rectify it.
I have noticed that other users have been infected by searchnu.com/406, and my laptop is infected too; it was brought by something called livid player.
It was advised on the other thread that every case is different, so I followed the first step to run the OTL app as recommended, and here are my results:
OTL logfile created on: 16/05/2012 21:36:49 - Run 1 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\uk_trader\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.99 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.54% Memory free 3.98 Gb Paging File | 3.04 Gb Available in Paging File | 76.32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 282.11 Gb Total Space | 255.52 Gb Free Space | 90.58% Space Free | Partition Type: NTFS Drive D: | 15.69 Gb Total Space | 1.73 Gb Free Space | 11.05% Space Free | Partition Type: NTFS Drive E: | 99.00 Mb Total Space | 89.45 Mb Free Space | 90.35% Space Free | Partition Type: FAT32 Computer Name: UK_TRADER-HP | User Name: uk_trader | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012/05/16 21:27:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\uk_trader\Desktop\OTL.exe PRC - [2012/04/11 15:43:09 | 000,232,472 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe PRC - [2012/04/05 13:08:36 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe PRC - [2012/04/05 13:08:36 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/03/12 13:12:01 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe PRC - [2012/03/05 12:38:45 | 001,543,704 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe PRC - [2012/01/13 21:20:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012/01/13 21:13:41 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011/10/24 06:50:00 | 001,433,692 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe PRC - [2011/10/24 06:50:00 | 000,290,898 | ---- | M] (IDT, Inc.) 
-- C:\Program Files\IDT\WDM\stacsv.exe PRC - [2011/10/22 11:20:44 | 000,158,880 | ---- | M] (Atheros) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2011/10/22 10:44:12 | 000,085,152 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AdminService.exe PRC - [2011/10/07 04:19:16 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\YouCam\YCMMirage.exe PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/09/29 19:27:06 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011/09/10 02:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe PRC - [2011/07/11 23:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
-- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2011/03/23 16:32:20 | 001,740,696 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe PRC - [2011/02/17 07:47:12 | 000,579,640 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe PRC - [2010/11/20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/11/06 09:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/11/06 09:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010/10/11 11:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe PRC - [2010/10/08 14:15:13 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe PRC - [2010/09/21 15:16:17 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe PRC - [2010/06/14 17:42:36 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe PRC - [2009/03/03 11:43:00 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012/05/12 12:15:20 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll MOD - [2012/05/12 12:15:18 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\eac8b316dbdcc6fdba0d80e76063643c\IAStorUtil.ni.dll MOD - [2012/05/12 11:28:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - 
[2012/05/12 11:25:45 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll MOD - [2012/05/12 11:25:16 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll MOD - [2012/05/12 11:24:15 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012/05/12 11:23:51 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/12 11:23:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/12 11:23:27 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/12 11:22:55 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012/04/28 03:07:01 | 000,444,400 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll MOD - [2012/04/28 03:06:59 | 003,915,248 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll MOD - [2012/04/28 03:05:34 | 000,122,880 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll MOD - [2012/04/28 03:05:33 | 000,220,672 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll MOD - [2012/04/28 03:05:32 | 001,747,456 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll [color=#E56717]========== Win32 Services 
(SafeList) ==========[/color] SRV - [2012/05/15 18:14:20 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/21 02:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/04/11 15:43:09 | 000,232,472 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service) SRV - [2012/04/05 13:08:36 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/03/05 12:38:45 | 001,543,704 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service) SRV - [2011/10/24 06:50:00 | 000,290,898 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV) SRV - [2011/10/22 11:20:44 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent) SRV - [2011/10/22 10:44:12 | 000,085,152 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/09/29 19:27:06 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011/09/10 02:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011/07/11 23:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2011/03/23 16:32:20 | 001,740,696 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService) SRV - [2011/02/17 07:47:12 | 000,579,640 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto) SRV - [2010/11/06 09:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010/10/11 11:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV - [2010/10/08 14:15:13 | 000,163,056 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService) SRV - [2010/06/14 17:42:36 | 000,097,520 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/03/03 11:43:00 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2012/05/04 21:27:05 | 001,344,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igddim32.sys -- (igddim32) DRV - [2012/03/29 16:32:12 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2011/10/24 06:50:00 | 000,444,928 | ---- | M] (IDT, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2011/10/22 10:53:40 | 000,445,088 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter) DRV - [2011/10/22 10:52:54 | 000,263,968 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP) DRV - [2011/10/22 10:52:40 | 000,060,064 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV - [2011/10/22 10:52:08 | 000,147,616 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV - [2011/10/22 10:51:54 | 000,035,488 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort) DRV - [2011/10/22 10:51:38 | 000,025,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS) DRV - [2011/10/22 10:51:22 | 000,097,440 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_avdt.sys -- (btath_avdt) DRV - [2011/10/22 10:51:08 | 000,290,976 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - 
[2011/08/22 05:13:20 | 002,204,160 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2011/03/23 16:17:48 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdvrmng.sys -- (mdvrmng) DRV - [2011/03/23 16:15:48 | 000,353,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb) DRV - [2011/03/23 16:15:48 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2011/03/23 16:15:48 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2011/03/23 16:15:48 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2011/03/23 16:15:48 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV - [2010/12/02 01:12:04 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010/10/08 14:14:55 | 000,122,360 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess) DRV - [2010/07/28 18:13:42 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd) DRV - [2010/03/02 21:33:54 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver) DRV - [2009/07/13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/7 IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: 
"URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{C2F8B7F0-9719-4B7E-BF33-D300F822B874}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/7 IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406 IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms} IE - 
HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\..\SearchScopes\{C2F8B7F0-9719-4B7E-BF33-D300F822B874}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms} IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406" FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=394&systemid=406&sr=0&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\uk_trader\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\uk_trader\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/15 17:38:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/15 17:39:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uk_trader\AppData\Roaming\Mozilla\Extensions [2012/05/16 18:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uk_trader\AppData\Roaming\Mozilla\Firefox\Profiles\z0n2wfk5.default\extensions [2012/05/15 17:38:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/05/15 19:33:20 | 000,148,816 | ---- | M] () (No name found) -- C:\USERS\UK_TRADER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z0N2WFK5.DEFAULT\EXTENSIONS\AUTOFILLFORMS@BLUEIMP.NET.XPI [2012/04/21 02:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/04/21 02:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/04/21 02:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - 
plugin: Chrome PDF Viewer (Enabled) = C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\uk_trader\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: YouTube = C:\Users\uk_trader\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\uk_trader\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Gmail = C:\Users\uk_trader\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - 
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [GfxServiceInstall] C:\Windows\System32 [2012/05/16 21:36:26 | 000,000,000 | ---D | M] O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32 [2012/05/16 21:36:26 | 000,000,000 | ---D | M] O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32 [2012/05/16 21:36:26 | 000,000,000 | ---D | M] O4 - HKLM..\Run: [Persistence] C:\Windows\System32 [2012/05/16 21:36:26 | 000,000,000 | ---D | M] O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB822218-F6EB-4E61-8FCF-84A046F8F1C9}: DhcpNameServer = 40.23.1.201 40.23.1.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA1A98D7-700A-4842-94D2-C955D2F19ABE}: DhcpNameServer = 
192.168.0.1 O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{249dce3d-9a01-11e1-806b-9cb70d7dd5bb}\Shell - "" = AutoRun O33 - MountPoints2\{249dce3d-9a01-11e1-806b-9cb70d7dd5bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{249dce70-9a01-11e1-806b-80c16e4a2874}\Shell - "" = AutoRun O33 - MountPoints2\{249dce70-9a01-11e1-806b-80c16e4a2874}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - 
Created Within 30 Days ==========[/color] [2012/05/16 21:27:32 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\uk_trader\Desktop\OTL.exe [2012/05/16 21:09:03 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Malwarebytes [2012/05/16 21:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/05/16 21:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/05/16 21:08:58 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/05/16 21:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/05/15 18:03:16 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/05/15 17:38:56 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Mozilla [2012/05/15 17:38:56 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Mozilla [2012/05/15 17:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012/05/15 17:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012/05/15 17:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012/05/14 19:06:27 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Ilivid Player [2012/05/14 19:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\Searchqu Toolbar [2012/05/12 19:20:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/05/12 11:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2 [2012/05/11 20:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications [2012/05/11 18:27:19 | 000,000,000 | RH-D | C] -- C:\MSOCache [2012/05/11 18:19:22 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\SoftGrid Client [2012/05/11 18:19:21 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\SoftGrid Client [2012/05/11 18:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Microsoft Office Starter (English) [2012/05/11 18:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2012/05/11 18:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client [2012/05/11 18:17:44 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\TP [2012/05/11 17:02:51 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Microsoft Corporation [2012/05/11 17:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor [2012/05/11 16:55:34 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012/05/11 16:55:33 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012/05/11 16:55:32 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/05/11 16:55:12 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012/05/09 20:00:54 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012/05/09 20:00:47 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012/05/09 20:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012 [2012/05/09 19:59:53 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\TuneUp Software [2012/05/09 19:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012 [2012/05/09 19:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012/05/09 19:58:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012/05/09 19:58:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/05/09 19:38:58 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\PassMark [2012/05/09 19:38:53 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\PassMark [2012/05/09 19:37:52 | 003,851,784 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\System32\D3DX9_39.dll [2012/05/09 19:37:52 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll [2012/05/09 19:37:52 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll [2012/05/09 19:37:51 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll [2012/05/09 19:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest [2012/05/09 19:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PassMark [2012/05/09 19:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\PerformanceTest [2012/05/09 19:09:55 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Birdstep Technology [2012/05/09 19:09:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Birdstep Technology [2012/05/09 19:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3 Mobile Broadband [2012/05/09 19:09:26 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll [2012/05/09 19:09:26 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfCoInstaller01007.dll [2012/05/09 19:09:26 | 000,181,760 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juwwanecm.sys [2012/05/09 19:09:26 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys [2012/05/09 19:09:26 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys [2012/05/09 19:09:25 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys [2012/05/09 19:09:25 | 000,353,280 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbwwan.sys [2012/05/09 19:09:25 | 000,090,112 | ---- | C] (Huawei Technologies Co., Ltd.) 
-- C:\Windows\System32\drivers\ew_jucdcacm.sys [2012/05/09 19:09:25 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys [2012/05/09 19:09:25 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys [2012/05/09 19:09:25 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys [2012/05/09 19:09:24 | 000,193,792 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys [2012/05/09 19:09:24 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys [2012/05/09 19:09:22 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys [2012/05/09 19:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Huawei Modems [2012/05/09 19:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\3 Mobile Broadband [2012/05/08 20:33:58 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\BETTING PRO [2012/05/08 17:47:06 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\CrashDumps [2012/05/08 17:42:53 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Sophos [2012/05/07 10:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2012/05/06 23:01:38 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/05/06 23:01:36 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/05/06 23:01:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/05/06 23:01:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/05/06 23:01:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/05/06 23:01:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/05/06 11:15:25 | 000,478,720 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\timedate.cpl [2012/05/06 11:14:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2012/05/06 11:14:42 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2012/05/06 11:14:40 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2012/05/06 11:14:39 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2012/05/06 11:14:06 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll [2012/05/06 11:14:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll [2012/05/06 11:13:52 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe [2012/05/05 19:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012/05/05 19:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012/05/04 21:27:45 | 000,059,392 | ---- | C] (Intel Corporation) -- C:\Windows\System32\oemdspif.dll [2012/05/04 21:27:44 | 000,260,096 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxTMM.dll [2012/05/04 21:27:43 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtrk.lrc [2012/05/04 21:27:43 | 000,283,136 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtha.lrc [2012/05/04 21:27:43 | 000,056,832 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.dll [2012/05/04 21:27:42 | 000,284,160 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrrus.lrc [2012/05/04 21:27:42 | 000,284,160 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptg.lrc [2012/05/04 21:27:42 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsve.lrc [2012/05/04 21:27:42 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrslv.lrc [2012/05/04 21:27:42 | 000,283,648 | ---- | C] (Intel Corporation) -- 
C:\Windows\System32\igfxrsky.lrc [2012/05/04 21:27:41 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptb.lrc [2012/05/04 21:27:41 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrplk.lrc [2012/05/04 21:27:41 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnld.lrc [2012/05/04 21:27:41 | 000,283,136 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnor.lrc [2012/05/04 21:27:40 | 000,284,160 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrita.lrc [2012/05/04 21:27:40 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrhun.lrc [2012/05/04 21:27:40 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrheb.lrc [2012/05/04 21:27:40 | 000,280,576 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrjpn.lrc [2012/05/04 21:27:40 | 000,280,064 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrkor.lrc [2012/05/04 21:27:39 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfra.lrc [2012/05/04 21:27:39 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfin.lrc [2012/05/04 21:27:38 | 009,030,656 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxress.dll [2012/05/04 21:27:37 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxresn.lrc [2012/05/04 21:27:37 | 000,283,136 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrenu.lrc [2012/05/04 21:27:36 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrell.lrc [2012/05/04 21:27:36 | 000,284,160 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdeu.lrc [2012/05/04 21:27:36 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcsy.lrc [2012/05/04 21:27:36 | 000,283,136 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdan.lrc [2012/05/04 21:27:36 | 000,279,552 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcht.lrc 
[2012/05/04 21:27:35 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrara.lrc [2012/05/04 21:27:35 | 000,279,552 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrchs.lrc [2012/05/04 21:27:35 | 000,200,704 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxpph.dll [2012/05/04 21:27:34 | 000,130,560 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxdo.dll [2012/05/04 21:27:34 | 000,119,808 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcpl.cpl [2012/05/04 21:27:34 | 000,023,552 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxexps.dll [2012/05/04 21:27:32 | 002,314,240 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdogl32.dll [2012/05/04 21:27:30 | 001,344,512 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\igddim32.sys [2012/05/04 21:27:28 | 000,094,720 | ---- | C] (Intel Corporation) -- C:\Windows\System32\hccutils.dll [2012/05/04 21:27:27 | 003,157,272 | ---- | C] (Intel Corporation) -- C:\Windows\System32\GfxUI.exe [2012/05/04 21:27:26 | 000,122,368 | ---- | C] (Intel Corporation) -- C:\Windows\System32\gfxSrvc.dll [2012/05/04 21:12:53 | 000,000,000 | ---D | C] -- C:\HP_TOOLS_mountHPSF [2012/05/04 20:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012/05/04 20:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/05/04 19:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos Web Intelligence [2012/05/04 19:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2012/05/04 19:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems [2012/05/04 19:46:30 | 000,028,912 | ---- | C] (Sophos Plc) -- C:\Windows\System32\SophosBootTasks.exe [2012/05/04 19:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos [2012/05/04 19:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos [2012/05/04 19:44:26 | 000,122,360 | ---- | C] (Sophos Plc) -- 
C:\Windows\System32\drivers\savonaccess.sys [2012/05/04 19:44:26 | 000,022,536 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\SophosBootDriver.sys [2012/05/04 19:44:16 | 000,000,000 | ---D | C] -- C:\savw_95_sa [2012/05/04 19:43:14 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\PROGRAMS [2012/05/04 19:40:36 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Adobe [2012/05/04 19:29:03 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\IDT [2012/05/04 19:10:34 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2012/05/04 19:08:16 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012/05/04 19:07:03 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Google [2012/05/04 19:06:50 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Apps [2012/05/04 19:06:49 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Deployment [2012/05/04 19:02:10 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Macromedia [2012/05/04 19:02:06 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Adobe [2012/05/04 19:00:03 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Kjs.AppLife.Update [2012/05/04 18:54:58 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\Blio [2012/05/04 18:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Blio [2012/05/04 18:54:53 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Blio [2012/05/04 18:48:54 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Intel Corporation [2012/05/04 18:48:38 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\BMExplorer [2012/05/04 18:48:38 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\Bluetooth Folder [2012/05/04 18:48:29 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Atheros [2012/05/04 18:48:27 | 000,000,000 | ---D | C] -- 
C:\Users\uk_trader\AppData\Roaming\Synaptics [2012/05/04 18:47:54 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012/05/04 18:47:54 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Searches [2012/05/04 18:47:54 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012/05/04 18:47:54 | 000,000,000 | -H-D | C] -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2012/05/04 18:47:45 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Identities [2012/05/04 18:47:43 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Contacts [2012/05/04 18:47:16 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Hewlett-Packard [2012/05/04 18:43:40 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\hpqlog [2012/05/04 18:43:36 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Hewlett-Packard [2012/05/04 18:43:16 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll [2012/05/04 18:43:16 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll [2012/05/04 18:43:16 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe [2012/05/04 18:43:15 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll [2012/05/04 18:42:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services [2012/05/04 18:42:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos [2012/05/04 18:42:42 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\RemEngine [2012/05/04 18:42:40 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Hewlett-Packard_Company [2012/05/04 18:40:11 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\VirtualStore [2012/05/04 
18:40:10 | 000,000,000 | --SD | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft [2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Videos [2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Saved Games [2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Pictures [2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Music [2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Links [2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Favorites [2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Downloads [2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Documents [2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Desktop [2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\AppData\Local\Temporary Internet Files [2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Templates [2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Start Menu [2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\SendTo [2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Recent [2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\PrintHood [2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\NetHood [2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Documents\My Videos [2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Documents\My Pictures [2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Documents\My Music [2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\My Documents [2012/05/04 18:40:10 | 
000,000,000 | -HSD | C] -- C:\Users\uk_trader\Local Settings [2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\AppData\Local\History [2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Cookies [2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Application Data [2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\AppData\Local\Application Data [2012/05/04 18:40:10 | 000,000,000 | -H-D | C] -- C:\Users\uk_trader\AppData [2012/05/04 18:40:10 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Temp [2012/05/04 18:40:10 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Microsoft [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/05/16 21:39:11 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/05/16 21:39:11 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/16 21:36:26 | 000,628,904 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/05/16 21:36:26 | 000,110,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/05/16 21:30:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/05/16 21:27:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\uk_trader\Desktop\OTL.exe [2012/05/16 21:09:00 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/16 20:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/05/16 20:12:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224105516-2178430169-1404831700-1000UA.job [2012/05/16 19:49:58 | 000,031,117 | ---- | M] () -- C:\Users\uk_trader\Desktop\batty acc.rtf [2012/05/16 19:12:01 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224105516-2178430169-1404831700-1000Core.job 
[2012/05/16 18:38:32 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForuk_trader.job [2012/05/15 18:14:13 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/05/15 18:14:13 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/05/15 17:38:46 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/05/13 20:03:18 | 000,000,247 | ---- | M] () -- C:\Users\uk_trader\Desktop\chris batty.rtf [2012/05/12 11:21:04 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUK_TRADER-HP$.job [2012/05/12 11:20:39 | 000,257,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/05/09 19:35:40 | 000,007,606 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Resmon.ResmonCfg [2012/05/09 19:09:40 | 000,001,943 | ---- | M] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk [2012/05/09 19:09:39 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\3Connect.lnk [2012/05/09 19:09:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf [2012/05/09 19:08:01 | 000,067,156 | ---- | M] () -- C:\Windows\Huawei ModemsUninstall.exe [2012/05/06 20:22:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012/05/05 17:15:39 | 000,015,098 | ---- | M] () -- C:\Windows\System32\results.xml [2012/05/05 02:38:58 | 000,102,127 | ---- | M] () -- C:\Windows\System32\license.rtf [2012/05/04 21:27:08 | 000,059,392 | ---- | M] (Intel Corporation) -- C:\Windows\System32\oemdspif.dll [2012/05/04 21:27:07 | 000,284,160 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrrus.lrc [2012/05/04 21:27:07 | 000,284,160 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrptg.lrc [2012/05/04 21:27:07 | 000,283,648 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrtrk.lrc [2012/05/04 21:27:07 | 000,283,648 | 
---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrsve.lrc [2012/05/04 21:27:07 | 000,283,648 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrslv.lrc [2012/05/04 21:27:07 | 000,283,648 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrsky.lrc [2012/05/04 21:27:07 | 000,283,648 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrptb.lrc [2012/05/04 21:27:07 | 000,283,648 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrplk.lrc [2012/05/04 21:27:07 | 000,283,648 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrnld.lrc [2012/05/04 21:27:07 | 000,283,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrtha.lrc [2012/05/04 21:27:07 | 000,283,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrnor.lrc [2012/05/04 21:27:07 | 000,280,064 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrkor.lrc [2012/05/04 21:27:07 | 000,260,096 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxTMM.dll [2012/05/04 21:27:07 | 000,056,832 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.dll [2012/05/04 21:27:06 | 009,030,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxress.dll [2012/05/04 21:27:06 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igdogl32.dll [2012/05/04 21:27:06 | 001,097,216 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igdumd32.dll [2012/05/04 21:27:06 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrfra.lrc [2012/05/04 21:27:06 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxresn.lrc [2012/05/04 21:27:06 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrell.lrc [2012/05/04 21:27:06 | 000,284,160 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrita.lrc [2012/05/04 21:27:06 | 000,284,160 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrdeu.lrc [2012/05/04 21:27:06 | 000,283,648 | ---- | M] (Intel Corporation) -- 
C:\Windows\System32\igfxrhun.lrc [2012/05/04 21:27:06 | 000,283,648 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrfin.lrc [2012/05/04 21:27:06 | 000,283,648 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrcsy.lrc [2012/05/04 21:27:06 | 000,283,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrenu.lrc [2012/05/04 21:27:06 | 000,283,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrdan.lrc [2012/05/04 21:27:06 | 000,282,624 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrheb.lrc [2012/05/04 21:27:06 | 000,282,624 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrara.lrc [2012/05/04 21:27:06 | 000,280,576 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrjpn.lrc [2012/05/04 21:27:06 | 000,279,552 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrcht.lrc [2012/05/04 21:27:06 | 000,279,552 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrchs.lrc [2012/05/04 21:27:06 | 000,200,704 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpph.dll [2012/05/04 21:27:06 | 000,130,560 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxdo.dll [2012/05/04 21:27:06 | 000,119,808 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxcpl.cpl [2012/05/04 21:27:06 | 000,074,240 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igdvidproc32.dll [2012/05/04 21:27:06 | 000,023,552 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxexps.dll [2012/05/04 21:27:06 | 000,004,096 | ---- | M] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2012/05/04 21:27:05 | 003,157,272 | ---- | M] (Intel Corporation) -- C:\Windows\System32\GfxUI.exe [2012/05/04 21:27:05 | 001,344,512 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igddim32.sys [2012/05/04 21:27:05 | 000,817,152 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igddxva32.dll [2012/05/04 21:27:05 | 000,122,368 | ---- | M] (Intel Corporation) -- C:\Windows\System32\gfxSrvc.dll [2012/05/04 
21:27:05 | 000,094,720 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hccutils.dll [2012/05/04 21:27:05 | 000,025,088 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igdaux32.dll [2012/05/04 21:27:05 | 000,018,196 | ---- | M] () -- C:\Windows\System32\igddim32.vp [2012/05/04 20:59:49 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/05/04 19:01:48 | 000,001,411 | ---- | M] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/05/16 21:09:00 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/15 21:43:26 | 000,031,117 | ---- | C] () -- C:\Users\uk_trader\Desktop\batty acc.rtf [2012/05/15 18:03:19 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/05/15 17:38:46 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/05/15 17:38:44 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012/05/13 20:03:18 | 000,000,247 | ---- | C] () -- C:\Users\uk_trader\Desktop\chris batty.rtf [2012/05/11 18:52:13 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForUK_TRADER-HP$.job [2012/05/11 17:02:14 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk [2012/05/09 20:00:21 | 000,002,105 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk [2012/05/09 19:35:40 | 000,007,606 | ---- | C] () -- C:\Users\uk_trader\AppData\Local\Resmon.ResmonCfg [2012/05/09 19:09:40 | 000,001,943 | ---- | C] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk [2012/05/09 19:09:39 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\3Connect.lnk [2012/05/09 19:09:35 | 000,000,000 | -H-- | C] () -- 
C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf [2012/05/09 19:07:59 | 000,067,156 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe [2012/05/09 19:07:52 | 000,010,240 | ---- | C] () -- C:\Windows\System32\drivers\mdvrmng.sys [2012/05/06 20:22:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012/05/04 21:27:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2012/05/04 21:27:30 | 000,018,196 | ---- | C] () -- C:\Windows\System32\igddim32.vp [2012/05/04 20:59:49 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/05/04 19:07:03 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224105516-2178430169-1404831700-1000UA.job [2012/05/04 19:07:03 | 000,000,872 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224105516-2178430169-1404831700-1000Core.job [2012/05/04 19:01:48 | 000,001,411 | ---- | C] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/05/04 18:48:10 | 000,001,417 | ---- | C] () -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012/05/04 18:47:28 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForuk_trader.job [2012/05/04 18:40:10 | 000,000,290 | ---- | C] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2012/05/04 18:40:10 | 000,000,272 | ---- | C] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2012/03/01 10:41:15 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011/12/30 10:50:04 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2011/10/22 10:24:58 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin [2011/09/15 04:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin [2011/09/06 
21:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [color=#E56717]========== LOP Check ==========[/color] [2012/05/09 19:09:55 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\Birdstep Technology [2012/05/04 19:01:14 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\Blio [2012/05/04 19:29:03 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\IDT [2012/05/16 19:50:04 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\SoftGrid Client [2012/05/04 18:48:27 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\Synaptics [2012/05/11 18:19:30 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\TP [2012/05/09 19:59:54 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\TuneUp Software [2009/07/14 05:53:46 | 000,009,838 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] < End of report >
And the second file:
OTL Extras logfile created on: 16/05/2012 21:36:49 - Run 1 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\uk_trader\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.99 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.54% Memory free 3.98 Gb Paging File | 3.04 Gb Available in Paging File | 76.32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 282.11 Gb Total Space | 255.52 Gb Free Space | 90.58% Space Free | Partition Type: NTFS Drive D: | 15.69 Gb Total Space | 1.73 Gb Free Space | 11.05% Space Free | Partition Type: NTFS Drive E: | 99.00 Mb Total Space | 89.45 Mb Free Space | 90.35% Space Free | Partition Type: FAT32 Computer Name: UK_TRADER-HP | User Name: uk_trader | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3224105516-2178430169-1404831700-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] "" = "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{8EE30191-9A88-4120-A341-8A2D9ADBD617}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{AF4A7DCF-5480-4570-A9DA-AF66D3D272C6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{C6AC66AD-9912-4317-8D03-7CAF8E427774}" = protocol=6 | dir=in | app=c:\program files\searchqu 
toolbar\datamngr\toolbar\dtuser.exe | "{C91532B7-3039-4610-9CD8-8F77C5880703}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{CFEDEF74-41D4-4731-B866-A3E87E555E64}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | "{D432C3D5-9FB4-4A50-9105-ADEFBC9042F9}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "TCP Query User{52CDAC23-81BB-4DDB-90FC-F4F9A3FFF216}C:\program files\performancetest\pt.exe" = protocol=6 | dir=in | app=c:\program files\performancetest\pt.exe | "UDP Query User{7DE3EE16-A911-4F46-820E-6B7A611FC474}C:\program files\performancetest\pt.exe" = protocol=17 | dir=in | app=c:\program files\performancetest\pt.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Atheros Bluetooth Suite "{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services "{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}" = HP Quick Launch "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2DB8743E-A513-4AE5-A617-BD42D0653969}" = HP 
Launch Box "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{860C8A24-AA98-476C-90D3-5046C0787987}" = HP Documentation "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect "{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US) "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{BCE2B68D-8543-4ED6-8BF8-DB125A11A929}" = ESU for Microsoft Windows 7 SP1 "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DDE547F9-21B7-4067-AC7F-F19627CCC31F}" = HP Security Assistant "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DF9DAE00-F582-42F6-9537-B5F1F6858AE1}" = HP Software Framework "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = 
IDT Audio "{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager "{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "CCleaner" = CCleaner "Huawei Modems" = Huawei modem "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "PerformanceTest 7_is1" = PerformanceTest v7.0 "Searchqu Toolbar" = Searchqu Toolbar "SynTPDeinstKey" = Synaptics TouchPad Driver "TuneUp Utilities 2012" = TuneUp Utilities 2012 "WinLiveSuite" = Windows Live Essentials [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3224105516-2178430169-1404831700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 04/05/2012 13:48:35 | Computer Name = uk_trader-HP | Source = Application Error | ID = 1000 Description = Faulting application name: HPWMISVC.exe, version: 2.5.1.0, time stamp: 0x4e1a9184 Faulting module name: HPWMISVC.exe, 
version: 2.5.1.0, time stamp: 0x4e1a9184 Exception code: 0xc0000005 Fault offset: 0x000016d1 Faulting process id: 0x65c Faulting application start time: 0x01cd2a5fb6cf9d2d Faulting application path: C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe Faulting module path: C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe Report Id: 5e79bb07-9611-11e1-8077-9cb70d7dd5bb Error - 04/05/2012 13:52:17 | Computer Name = uk_trader-HP | Source = WinMgmt | ID = 10 Description = Error - 04/05/2012 14:19:14 | Computer Name = uk_trader-HP | Source = WinMgmt | ID = 10 Description = Error - 04/05/2012 14:23:12 | Computer Name = uk_trader-HP | Source = WinMgmt | ID = 10 Description = Error - 04/05/2012 14:57:32 | Computer Name = uk_trader-HP | Source = WinMgmt | ID = 10 Description = Error - 04/05/2012 15:05:49 | Computer Name = uk_trader-HP | Source = Application Error | ID = 1000 Description = Faulting application name: STacSV.exe, version: 1.0.6370.0, time stamp: 0x4ea4d6b1 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc000000d Fault offset: 0x00097bf1 Faulting process id: 0x434 Faulting application start time: 0x01cd2a2784417e78 Faulting application path: C:\Program Files\IDT\WDM\STacSV.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 29064ff3-961c-11e1-8f69-9cb70d7dd5bb Error - 05/05/2012 12:15:02 | Computer Name = uk_trader-HP | Source = WinMgmt | ID = 10 Description = [ Hewlett-Packard Events ] Error - 06/05/2012 06:22:24 | Computer Name = uk_trader-HP | Source = HPSF.exe | ID = 4000 Description = Error - 06/05/2012 06:22:24 | Computer Name = uk_trader-HP | Source = HPSF.exe | ID = 4000 Description = Error - 12/05/2012 07:34:30 | Computer Name = uk_trader-HP | Source = HPSF.exe | ID = 4000 Description = Error - 12/05/2012 07:34:44 | Computer Name = uk_trader-HP | Source = HPSF.exe | ID = 4000 Description = [ HP Software Framework Events ] Error - 13/01/2012 17:10:58 | Computer Name 
= N1N75ERBQT5GC | Source = CaslWmi | ID = 5 Description = 2012/01/13 13:10:58.248|000003B8|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Not supported ' Error - 12/05/2012 07:28:37 | Computer Name = uk_trader-HP | Source = CaslSmBios | ID = 5 Description = 2012/05/12 12:28:37.924|00000324|Error |[CaslWmi]A::A{bool()}|Error connecting to Global Event server. Exception: Retrieving the COM class factory for component with CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} failed due to the following error: 80070422. Error - 12/05/2012 07:34:56 | Computer Name = uk_trader-HP | Source = CaslSmBios | ID = 5 Description = 2012/05/12 12:34:56.703|00000DE0|Error |[CaslWmi]A::A{bool()}|Error connecting to Global Event server. Exception: Retrieving the COM class factory for component with CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} failed due to the following error: 80070422. Error - 12/05/2012 07:35:10 | Computer Name = uk_trader-HP | Source = CaslSmBios | ID = 5 Description = 2012/05/12 12:35:10.698|000013FC|Error |[CaslWmi]A::A{bool()}|Error connecting to Global Event server. Exception: Retrieving the COM class factory for component with CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} failed due to the following error: 80070422. [ System Events ] Error - 04/05/2012 13:48:46 | Computer Name = uk_trader-HP | Source = Service Control Manager | ID = 7034 Description = The HPWMISVC service terminated unexpectedly. It has done this 1 time(s). Error - 04/05/2012 14:56:14 | Computer Name = uk_trader-HP | Source = Service Control Manager | ID = 7034 Description = The HP Auto service terminated unexpectedly. It has done this 1 time(s). Error - 04/05/2012 15:06:06 | Computer Name = uk_trader-HP | Source = Service Control Manager | ID = 7034 Description = The Audio Service service terminated unexpectedly. It has done this 1 time(s). 
Error - 07/05/2012 04:56:34 | Computer Name = uk_trader-HP | Source = Service Control Manager | ID = 7023 Description = The Windows Modules Installer service terminated with the following error: %%16405 Error - 07/05/2012 07:19:28 | Computer Name = uk_trader-HP | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 07/05/2012 07:19:28 | Computer Name = uk_trader-HP | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPClientSvc service. Error - 07/05/2012 13:21:21 | Computer Name = uk_trader-HP | Source = DCOM | ID = 10010 Description = Error - 09/05/2012 14:02:49 | Computer Name = uk_trader-HP | Source = BTHUSB | ID = 327697 Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. < End of report >
Can you please advise or help with the next step?
Many thanks in advance