Hi and thanks for your reply myrti.
I've got Windows Vista, don't know if it is 32 or 64.
If needed I can get the Windows CD.
Symptoms:
1. Google results redirect to random sites
2. Occasionally internet screen goes inactive even when I am typing/scrolling (Not sure if this happens with any other applications as haven't used Word for a while)
3. Windows Catalyst Control Center stops working when turning the computer on.
4. After enabling hidden files (as Windows Recovery hid all of them) I can see Windows Recovery on the desktop.
5. Last time I ran rKill it stopped grpconv.exe and SSUPDATE.EXE
6. Google is pretty slow to return searches
OTL text:OTL logfile created on: 3.4.2011 23:10:31 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Irina\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 13,46 Gb Free Space | 9,09% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 23,28 Gb Free Space | 31,86% Space Free | Partition Type: NTFS
Computer Name: IRINA-PC | User Name: Irina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2011.04.03 23:04:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Irina\Desktop\OTL.exe
PRC - [2011.03.19 13:49:29 | 002,423,752 | -H-- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011.03.06 15:32:16 | 000,912,344 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.01.10 15:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011.01.10 15:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2009.07.27 03:10:00 | 001,983,816 | -H-- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.05.11 03:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2007.02.22 20:50:00 | 000,144,960 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2007.02.22 20:50:00 | 000,112,216 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2007.02.22 20:50:00 | 000,054,872 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006.12.29 10:11:00 | 004,317,184 | -H-- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.12.19 15:06:00 | 000,086,016 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2006.12.19 11:27:54 | 000,136,768 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006.12.19 11:27:00 | 000,136,768 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006.12.19 11:24:50 | 000,104,000 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006.12.08 18:52:04 | 000,204,800 | -H-- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.22 17:31:26 | 000,630,784 | -H-- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006.11.02 10:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2005.09.30 20:22:50 | 000,096,341 | -H-- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
========== Modules (SafeList) ========== MOD - [2011.04.03 23:04:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Irina\Desktop\OTL.exe
MOD - [2006.11.02 10:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
========== Win32 Services (SafeList) ========== SRV - [2011.01.10 15:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2009.07.20 13:28:10 | 000,121,360 | -H-- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007.02.22 20:50:00 | 000,144,960 | -H-- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2007.02.22 20:50:00 | 000,054,872 | -H-- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006.12.19 11:24:50 | 000,104,000 | -H-- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006.12.08 18:52:04 | 000,204,800 | -H-- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2005.09.30 20:22:50 | 000,096,341 | -H-- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
========== Driver Services (SafeList) ========== DRV - [2010.09.01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.05.10 19:41:30 | 000,067,656 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 19:25:48 | 000,012,872 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.09.05 15:25:36 | 001,183,744 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.06.17 17:56:16 | 000,037,392 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 17:56:06 | 000,035,472 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007.07.02 16:37:10 | 000,131,616 | -H-- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 16:37:08 | 000,110,112 | -H-- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 22:47:12 | 000,048,256 | -H-- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.04.11 14:33:06 | 000,079,376 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007.04.11 14:32:38 | 000,063,248 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007.04.11 14:32:30 | 000,020,496 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007.02.22 20:50:00 | 000,170,408 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007.02.02 15:09:42 | 002,385,920 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007.01.15 22:28:20 | 000,070,144 | -H-- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.30 08:50:00 | 000,072,264 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006.11.30 08:50:00 | 000,064,360 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006.11.30 08:50:00 | 000,052,136 | -H-- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006.11.30 08:50:00 | 000,034,152 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006.11.30 08:50:00 | 000,031,944 | -H-- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006.11.22 17:35:00 | 000,982,272 | -H-- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2725038491-1517790310-2373979269-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.google.com/ieIE - HKU\S-1-5-21-2725038491-1517790310-2373979269-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.fi/IE - HKU\S-1-5-21-2725038491-1517790310-2373979269-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2725038491-1517790310-2373979269-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
http://www.google.com/ieIE - HKU\S-1-5-21-2725038491-1517790310-2373979269-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.google.com/ieIE - HKU\S-1-5-21-2725038491-1517790310-2373979269-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2725038491-1517790310-2373979269-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
========== FireFox ========== FF - prefs.js..browser.startup.homepage: "
http://www.pointshop.fi/ep_startpage.asp?do=sp&userid=3016053&tjecksum=5440959612&email=suklaatajakahvia@gmail.com&doAutoLogin=true"FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.5.2
FF - prefs.js..extensions.enabledItems: {5d393167-8b1c-4ce1-8593-0ba5f39f3210}:0.4
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.10.30 23:55:33 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.28 11:31:59 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.29 13:35:59 | 000,000,000 | -H-D | M]
[2008.12.08 11:12:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Irina\AppData\Roaming\mozilla\Extensions
[2011.04.03 21:41:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Irina\AppData\Roaming\mozilla\Firefox\Profiles\b0hqollt.default\extensions
[2010.06.18 09:58:55 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Irina\AppData\Roaming\mozilla\Firefox\Profiles\b0hqollt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.05 00:33:46 | 000,000,000 | -H-D | M] () -- C:\Users\Irina\AppData\Roaming\mozilla\Firefox\Profiles\b0hqollt.default\extensions\{5d393167-8b1c-4ce1-8593-0ba5f39f3210}
[2011.03.19 14:39:02 | 000,000,000 | -H-D | M] (LeechBlock) -- C:\Users\Irina\AppData\Roaming\mozilla\Firefox\Profiles\b0hqollt.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2011.04.03 21:41:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.24 10:42:08 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.24 10:41:07 | 000,411,368 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.28 11:31:50 | 000,002,062 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bookplus-fi.xml
[2011.03.28 11:31:50 | 000,001,069 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons-fi.xml
[2011.03.28 11:31:50 | 000,002,677 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\huuto-fi.xml
[2011.03.28 11:31:50 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fi.xml
[2011.03.28 11:31:50 | 000,001,100 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-fi.xml
O1 HOSTS File: ([2008.07.02 20:46:57 | 000,244,668 | RH-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 8541 more lines...
O2 - BHO: (Adobe PDF Reader -linkkiavustaja) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-2725038491-1517790310-2373979269-1000\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [recinfo795] c:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2725038491-1517790310-2373979269-1000..\Run: [JgUJevQpNnePtDM] File not found
O4 - HKU\S-1-5-21-2725038491-1517790310-2373979269-1000..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\S-1-5-21-2725038491-1517790310-2373979269-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2725038491-1517790310-2373979269-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2725038491-1517790310-2373979269-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2725038491-1517790310-2373979269-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2725038491-1517790310-2373979269-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2725038491-1517790310-2373979269-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Irina\AppData\Roaming\Microsoft\Windows Photo Gallery\Windowsin valokuvavalikoiman taustakuva.jpg
O24 - Desktop BackupWallPaper: C:\Users\Irina\AppData\Roaming\Microsoft\Windows Photo Gallery\Windowsin valokuvavalikoiman taustakuva.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: klmdb.sys - Driver
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web-kansiot
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {78028BE9-3B2E-46E9-B588-BB9AEE0F4088} - .NET Framework
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
========== Files/Folders - Created Within 30 Days ========== [2011.04.03 23:05:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Irina\Desktop\OTL.exe
[2011.03.27 13:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011.03.27 13:08:09 | 001,739,024 | ---- | C] (Secunia) -- C:\Users\Irina\Desktop\PSISetup.exe
[2011.03.26 01:27:47 | 005,459,128 | ---- | C] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Users\Irina\Desktop\SASDEFINITIONS.EXE
[2011.03.25 01:16:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.25 01:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.25 01:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.03.25 01:09:18 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Irina\Desktop\mbam-setup.exe
[2011.03.24 23:42:02 | 000,000,000 | -H-D | C] -- C:\Users\Irina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.03.19 14:52:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.03.19 14:49:48 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod
[2011.03.19 14:49:38 | 000,000,000 | -H-D | C] -- C:\Program Files\iTunes
[2011.03.14 09:55:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Google
[2011.03.13 22:53:33 | 000,000,000 | -H-D | C] -- C:\Users\Irina\AppData\Roaming\PhotoScape
[2011.03.13 22:50:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2011.03.13 22:48:07 | 000,000,000 | -H-D | C] -- C:\Program Files\PhotoScape
[2011.03.12 20:19:09 | 000,000,000 | -H-D | C] -- C:\Program Files\Bonjour
[12 C:\Users\Irina\Documents\*.tmp files -> C:\Users\Irina\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2011.04.03 23:04:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Irina\Desktop\OTL.exe
[2011.04.03 22:27:39 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.03 22:27:39 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.03 21:27:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.03 21:27:26 | 2011,283,456 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.29 13:41:50 | 000,102,666 | ---- | M] () -- C:\Users\Irina\Documents\Ryanair030411.pdf
[2011.03.29 13:41:00 | 000,108,355 | ---- | M] () -- C:\Users\Irina\Documents\RyanairBoardingPass-3.pdf
[2011.03.29 13:35:59 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011.03.29 13:35:12 | 000,102,666 | ---- | M] () -- C:\Users\Irina\Documents\Ryanair3411.pdf
[2011.03.29 13:29:47 | 000,102,491 | ---- | M] () -- C:\Users\Irina\Documents\Ryanair.pdf
[2011.03.29 13:29:14 | 000,108,191 | ---- | M] () -- C:\Users\Irina\Documents\RyanairBoardingPass30311.pdf
[2011.03.27 22:16:29 | 000,293,019 | ---- | M] () -- C:\Users\Irina\Desktop\gmer.zip
[2011.03.27 22:05:25 | 000,000,000 | ---- | M] () -- C:\Users\Irina\defogger_reenable
[2011.03.27 13:12:07 | 000,000,905 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011.03.27 13:08:08 | 001,739,024 | ---- | M] (Secunia) -- C:\Users\Irina\Desktop\PSISetup.exe
[2011.03.26 01:27:47 | 005,459,128 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Users\Irina\Desktop\SASDEFINITIONS.EXE
[2011.03.25 08:38:46 | 000,011,772 | -HS- | M] () -- C:\Users\Irina\AppData\Local\6o1fpxf5dlxq47de5jb1600yp8m4cy5xnp3yiv
[2011.03.25 08:38:46 | 000,011,772 | -HS- | M] () -- C:\ProgramData\6o1fpxf5dlxq47de5jb1600yp8m4cy5xnp3yiv
[2011.03.25 06:00:23 | 000,331,776 | -HS- | M] () -- C:\Users\Irina\AppData\Local\jik.exe
[2011.03.25 06:00:17 | 000,001,356 | ---- | M] () -- C:\Users\Irina\AppData\Local\d3d9caps.dat
[2011.03.25 01:16:34 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.25 01:09:17 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Irina\Desktop\mbam-setup.exe
[2011.03.25 01:05:23 | 001,006,778 | ---- | M] () -- C:\Users\Irina\Desktop\iExplore.exe
[2011.03.24 23:44:45 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~33087264
[2011.03.24 23:44:44 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~33087264r
[2011.03.24 23:42:02 | 000,000,589 | -H-- | M] () -- C:\Users\Irina\Desktop\Windows Recovery.lnk
[2011.03.19 14:52:09 | 000,001,670 | -H-- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.17 10:44:04 | 000,613,046 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.17 10:44:04 | 000,462,826 | -H-- | M] () -- C:\Windows\System32\perfh00B.dat
[2011.03.17 10:44:04 | 000,104,768 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.17 10:44:04 | 000,085,022 | -H-- | M] () -- C:\Windows\System32\perfc00B.dat
[2011.03.14 09:17:51 | 000,001,730 | -H-- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.03.14 09:14:08 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2011.03.13 22:50:22 | 000,000,858 | -H-- | M] () -- C:\Users\Irina\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2011.03.13 22:50:22 | 000,000,834 | -H-- | M] () -- C:\Users\Irina\Desktop\PhotoScape.lnk
[2011.03.12 20:20:38 | 000,001,854 | -H-- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011.03.12 20:20:38 | 000,001,854 | -H-- | M] () -- C:\Users\Irina\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[12 C:\Users\Irina\Documents\*.tmp files -> C:\Users\Irina\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ========== [2011.03.29 13:41:47 | 000,102,666 | ---- | C] () -- C:\Users\Irina\Documents\Ryanair030411.pdf
[2011.03.29 13:41:00 | 000,108,355 | ---- | C] () -- C:\Users\Irina\Documents\RyanairBoardingPass-3.pdf
[2011.03.29 13:35:59 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011.03.29 13:35:59 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011.03.29 13:35:08 | 000,102,666 | ---- | C] () -- C:\Users\Irina\Documents\Ryanair3411.pdf
[2011.03.29 13:29:14 | 000,108,191 | ---- | C] () -- C:\Users\Irina\Documents\RyanairBoardingPass30311.pdf
[2011.03.27 22:16:35 | 000,293,019 | ---- | C] () -- C:\Users\Irina\Desktop\gmer.zip
[2011.03.27 22:05:25 | 000,000,000 | ---- | C] () -- C:\Users\Irina\defogger_reenable
[2011.03.27 17:42:51 | 2011,283,456 | -HS- | C] () -- C:\hiberfil.sys
[2011.03.27 13:12:07 | 000,000,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011.03.27 13:12:07 | 000,000,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011.03.25 06:00:23 | 000,331,776 | -HS- | C] () -- C:\Users\Irina\AppData\Local\jik.exe
[2011.03.25 06:00:23 | 000,011,772 | -HS- | C] () -- C:\Users\Irina\AppData\Local\6o1fpxf5dlxq47de5jb1600yp8m4cy5xnp3yiv
[2011.03.25 06:00:23 | 000,011,772 | -HS- | C] () -- C:\ProgramData\6o1fpxf5dlxq47de5jb1600yp8m4cy5xnp3yiv
[2011.03.25 01:16:34 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.25 01:05:19 | 001,006,778 | ---- | C] () -- C:\Users\Irina\Desktop\iExplore.exe
[2011.03.24 23:44:44 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~33087264r
[2011.03.24 23:44:44 | 000,000,096 | -H-- | C] () -- C:\ProgramData\~33087264
[2011.03.24 23:42:02 | 000,000,589 | -H-- | C] () -- C:\Users\Irina\Desktop\Windows Recovery.lnk
[2011.03.19 14:52:09 | 000,001,670 | -H-- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.14 09:17:50 | 000,001,730 | -H-- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.03.14 09:14:08 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2011.03.13 22:50:22 | 000,000,858 | -H-- | C] () -- C:\Users\Irina\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2011.03.13 22:50:22 | 000,000,834 | -H-- | C] () -- C:\Users\Irina\Desktop\PhotoScape.lnk
[2011.02.12 09:00:30 | 000,562,333 | -H-- | C] () -- C:\Windows\hpoins21.dat.temp
[2011.02.12 09:00:29 | 000,007,262 | -H-- | C] () -- C:\Windows\hpomdl21.dat.temp
[2010.05.26 08:55:13 | 000,078,161 | -H-- | C] () -- C:\Windows\hpqins05.dat
[2010.05.23 21:52:08 | 000,000,280 | -H-- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2010.05.19 00:47:52 | 000,256,512 | -H-- | C] () -- C:\Windows\PEV.exe
[2010.05.19 00:47:52 | 000,098,816 | -H-- | C] () -- C:\Windows\sed.exe
[2010.05.19 00:47:52 | 000,080,412 | -H-- | C] () -- C:\Windows\grep.exe
[2010.05.19 00:47:52 | 000,077,312 | -H-- | C] () -- C:\Windows\MBR.exe
[2010.05.19 00:47:52 | 000,068,096 | -H-- | C] () -- C:\Windows\zip.exe
[2010.05.12 02:47:08 | 000,000,930 | -H-- | C] () -- C:\Windows\lsrslt.ini
[2010.04.30 17:04:31 | 000,000,045 | RH-- | C] () -- C:\Windows\gsc_user.dat
[2009.08.03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.06 09:37:30 | 000,000,760 | -H-- | C] () -- C:\Users\Irina\AppData\Roaming\setup_ldm.iss
[2009.04.16 03:32:22 | 000,000,088 | -H-- | C] () -- C:\Windows\wininit.ini
[2009.03.06 16:37:28 | 000,093,384 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009.01.29 13:46:52 | 000,000,416 | -H-- | C] () -- C:\Users\Irina\AppData\Roaming\Poladroid prefs.plist
[2008.04.21 01:21:03 | 000,000,224 | -H-- | C] () -- C:\Users\Irina\AppData\Roaming\APUSet.xml
[2008.04.21 01:21:00 | 000,005,993 | -H-- | C] () -- C:\Users\Irina\AppData\Roaming\PrimoPDFSet.xml
[2008.04.21 01:19:57 | 000,176,235 | -H-- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008.03.03 11:24:08 | 000,001,356 | ---- | C] () -- C:\Users\Irina\AppData\Local\d3d9caps.dat
[2008.03.01 23:51:28 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2008.01.20 00:04:38 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini
[2008.01.06 19:31:22 | 000,000,390 | -H-- | C] () -- C:\Windows\ODBC.INI
[2008.01.02 16:25:36 | 000,131,072 | -H-- | C] () -- C:\Users\Irina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.29 19:56:06 | 000,000,776 | -H-- | C] () -- C:\Users\Irina\AppData\Roaming\wklnhst.dat
[2007.08.29 15:55:38 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\sw2_ttls_manager.exe
[2006.11.06 23:49:36 | 000,000,310 | -H-- | C] () -- C:\Windows\primopdf.ini
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,305,416 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,613,046 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,768 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 08:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.08.11 17:52:02 | 000,012,288 | -H-- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2003.04.01 09:58:30 | 000,005,649 | -H-- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1999.09.10 20:01:54 | 003,107,788 | -H-- | C] () -- C:\Windows\System32\atiumdva.dat
[1999.09.10 20:01:54 | 000,159,744 | -H-- | C] () -- C:\Windows\System32\atitmmxx.dll
[1999.09.10 20:01:53 | 000,128,813 | -H-- | C] () -- C:\Windows\System32\atiicdxx.dat
[1999.09.10 19:33:02 | 000,462,826 | -H-- | C] () -- C:\Windows\System32\perfh00B.dat
[1999.09.10 19:33:02 | 000,274,158 | -H-- | C] () -- C:\Windows\System32\perfi00B.dat
[1999.09.10 19:33:02 | 000,085,022 | -H-- | C] () -- C:\Windows\System32\perfc00B.dat
[1999.09.10 19:33:02 | 000,036,790 | -H-- | C] () -- C:\Windows\System32\perfd00B.dat
========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE >[2008.10.29 07:20:29 | 002,923,520 | -H-- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\ERDNT\cache\explorer.exe
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.12.29 20:36:17 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2005.08.16 03:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Irina\AppData\Local\temp\RarSFX0\h\explorer.exe
[2007.12.29 20:36:17 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
< MD5 for: WININIT.EXE >[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
< MD5 for: WINLOGON.EXE >[2006.11.02 10:45:57 | 000,308,224 | -H-- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\ERDNT\cache\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2009.05.26 20:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Irina\AppData\Local\temp\RarSFX0\winlogon.exe
< End of report >
Extras textOTL Extras logfile created on: 3.4.2011 23:10:31 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Irina\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 13,46 Gb Free Space | 9,09% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 23,28 Gb Free Space | 31,86% Space Free | Partition Type: NTFS
Computer Name: IRINA-PC | User Name: Irina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-2725038491-1517790310-2373979269-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2725038491-1517790310-2373979269-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B6F1F9E-9A19-4177-BA19-D180C1611AA3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B5878197-C7CB-4A05-AAE6-7F132E111E19}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{140678AE-13A1-413A-81F0-92B317DE1EE9}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{225B368D-36FA-41F5-B51C-107CF8607791}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3DBC7948-4F33-4335-8D3E-8D91CA868DC4}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{43FC1363-39A6-45B2-BBD3-8F9C9D83FA51}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{44826B4E-415B-46F7-A674-8B77B8C32312}" = protocol=17 | dir=in | app=c:\program files\superantispyware\superantispyware.exe |
"{494358F9-D371-4655-838D-36B157B18DE1}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{571FB99F-0042-4556-93AC-592A66384BE2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{575906E2-57DE-4133-84A4-B7ED707B3EEE}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{5BED6969-5AEF-45D2-8140-2FA9F141A887}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{73145482-08B4-4249-92F3-5672302C85EB}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{7977AAFE-60AA-4E83-A7FD-CDB313178679}" = protocol=17 | dir=in | app=c:\program files\superantispyware\runsas.exe |
"{79BD70AE-D8BD-4F44-B650-766FD4ECE02F}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"{7ADCB8D8-4F68-4490-8E9B-47BEA04CFD1B}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{834504D1-0C31-4B10-AF1C-2C271F7A5073}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{85A95F7F-1B25-4A36-8B2F-4A01276C6EC0}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{863A6CE2-CBCF-489C-809C-AD2C518066CC}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{8A759ECA-C45C-40DC-9D8C-9F867597B469}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9EC72277-5C28-4A1C-B6B0-B87C8A6D5D10}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{B239E1BE-600A-4C30-990E-5867C11BDCAA}" = protocol=6 | dir=in | app=c:\program files\superantispyware\runsas.exe |
"{B3A2E261-859A-40B1-9301-621953EA0EB7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B935B60A-3EFD-43C5-85E7-1E962B57ECE7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C1976C64-9EB6-4745-9AAD-E162F0999684}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{C58D60B8-4170-4038-9895-0D7D1436E4CD}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"{D7DC33FB-8D1F-498B-8F57-BBE4908BD3C4}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"{D8124D3A-AD37-4FDC-8845-18E50A1DD16D}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{DB70C48D-6503-4BB9-9444-0E8E50E086F4}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"{DFAD5A59-D30B-4913-AD58-235CCC17B855}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{E0024DC6-CA32-47D8-8FC7-0529DC070BEA}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E531A73F-6BCF-450A-AA11-39D49C8ADA9A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E5B765F2-48DA-4918-BCDD-4E184A685258}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{E5FCF61E-C75C-46FE-8CB2-7845B24A8C11}" = protocol=6 | dir=in | app=c:\program files\superantispyware\superantispyware.exe |
"{EA43E815-CF34-44EA-8FC8-68AFE0A06E45}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{7AC00537-855F-478E-A331-1EC5A6CB59B5}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{A224D2D1-416A-4854-9D59-2C0F2A83C52C}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{D833EBC3-CE63-4539-80E4-09C6FC2F5073}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{F3F42255-F9AF-4948-80E7-B935CB4C9432}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{578FF176-7122-43C8-AAA9-892C5DFC4F8B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{63180496-5F3E-4279-AEEC-0FEE53EDA353}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{7BBFD639-8D88-4CBD-B69F-B761FB0EC591}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{81765C99-7F29-4F39-8234-459B3F2135CE}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028741EB-70F5-BF63-EB23-480A7C48F096}" = CCC Help German
"{0343FEB6-43EA-0608-CF1F-6B4D20784AA8}" = Catalyst Control Center Localization Italian
"{03B5882D-D9DB-B950-CBE1-D03DDBFFF458}" = CCC Help Chinese Traditional
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{1B3A67B0-F54D-2F98-763C-B8E309135C38}" = Catalyst Control Center Localization Swedish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F9B00FC-AD74-A45C-3E73-83CF895E9CD0}" = Catalyst Control Center Localization Spanish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Liven lataustyökalu
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20
"{29F482A1-9828-5830-1F96-798E75CB90EB}" = CCC Help French
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B541619-4920-A88A-AEB6-C4E76672B726}" = ccc-utility
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{32AFDE70-6890-478B-BC92-8F3C76B8A77B}" = Branding
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{37AF3415-B43F-FB0B-124B-4B207657DF66}" = Catalyst Control Center Localization Japanese
"{3E5D1BD1-3451-15A7-D5EB-FB4C1C713C33}" = Catalyst Control Center Localization Chinese Standard
"{3FB83D9B-35B3-44E2-639B-6839332BBB29}" = Catalyst Control Center Localization Portuguese
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{48FD4CEC-7ED7-5220-2032-E780075764E4}" = CCC Help Japanese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587601F9-A917-AE27-263A-0854BE106BE9}" = Catalyst Control Center Localization German
"{625309B9-9853-B259-CA17-DA4838E2D7C6}" = Catalyst Control Center Localization Dutch
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E98E51-BFF9-5922-1316-7AF58170CA54}" = Catalyst Control Center Graphics Light
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{71C97813-ADFC-AA48-D24F-17E6CD41B413}" = Skins
"{74EF2D1D-D3A6-3A56-1DD7-56A338BADD29}" = CCC Help Chinese Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787AD427-7FEB-A87C-4C2E-C95610EF345B}" = Catalyst Control Center Core Implementation
"{7D9EF8C1-1B76-44AF-A918-86CBA6FD24C8}" = Microsoft Works
"{81CD6232-10F5-4832-B3DA-1B88B1571035}" = Nero 7 Essentials
"{8535028B-D4EE-B929-97A0-354013AE5D94}" = Catalyst Control Center Localization Korean
"{90120000-0020-040B-0000-0000000FF1CE}" = 2007 Office Systemin yhteensopivuuspaketti
"{90BC0F01-9D99-4686-AC14-2EEC0246FB84}" = Poladroid
"{9112040B-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9279B0F3-C831-7C50-9F07-73B1219322B6}" = Catalyst Control Center Localization Chinese Traditional
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{94E89EFD-5841-17EA-4F69-37A5DA58A735}" = CCC Help Spanish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{998152E5-B605-4BBB-9853-E749AEE02B21}" = Windows Liven kirjautumisavustaja
"{9A983135-BB9F-6E62-F282-AD76BB9551FE}" = CCC Help English
"{9AE73DF3-2349-A626-AE42-7959D7583E2B}" = Catalyst Control Center Graphics Full Existing
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A603BB91-F08F-025F-4158-E897DC29D037}" = Catalyst Control Center Localization French
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{AA27D595-32F0-97EB-BC94-1ED22E7444A8}" = CCC Help Portuguese
"{AA4C0345-2E31-4D99-B4E6-7351975E06F6}" = Windows Liven asennustyökalu
"{AC76BA86-7AD7-1035-7B44-A81300000003}" = Adobe Reader 8.1.3 - Suomi
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C199FC68-C95D-423D-9DE8-F2FCF88AB184}" = EViews 6 Student Version
"{C61E8F12-31F1-C2E6-DC0C-505CBF2BEE57}" = ccc-core-static
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CCC67B82-CD80-9C07-4C4A-D5B9C7137399}" = CCC Help Italian
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2B49278-3321-FFBA-0F7C-127878A9CB5D}" = CCC Help Dutch
"{D723FE60-F9EC-D688-0274-7BF2FF96E80A}" = Catalyst Control Center Graphics Full New
"{E11274EB-B35F-4A35-BC5B-98823FFE7519}" = Windows Live Messenger
"{E1FA2D24-5633-83B3-3C72-FB3749DAF724}" = CCC Help Swedish
"{E369A040-E812-37B3-A5B9-311E5579FAC3}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fin
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F5E23357-CDCE-0246-677C-8097DAA6F8C5}" = CCC Help Korean
"{FA2B72B1-B29E-57FB-5AFB-74734AC3442E}" = Catalyst Control Center Graphics Previews Vista
"{FEA3BE8A-67DB-4834-A2A8-D25A9D7F426D}" = Windows Live Call
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Uninstaller" = ATI Uninstaller
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon iP4700 series -käyttäjän rekisteröinti" = Canon iP4700 series -käyttäjän rekisteröinti
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CSCLIB" = Canon Camera Support Core Library
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"jZip" = jZip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - fin" = Microsoft .NET Framework 3.5 SP1:n kielitukipaketti - FI
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PrimoPDF4.0.1" = PrimoPDF
"RealPlayer 6.0" = RealPlayer
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"SecureW2 TTLS Client" = SecureW2 TTLS Client 3.3.3 for Windows
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Spotify" = Spotify
"WinLiveSuite_Wave3" = Windows Liven asennustyökalu
"VLC media player" = VLC media player 1.0.1
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2725038491-1517790310-2373979269-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 30.1.2010 19:08:13 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 30.1.2010 19:08:14 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 30.1.2010 19:08:14 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 30.1.2010 19:08:14 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 30.1.2010 19:08:15 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 30.1.2010 19:08:15 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 30.1.2010 19:08:15 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 30.1.2010 19:08:16 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 31.1.2010 13:02:04 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 31.1.2010 13:02:04 | Computer Name = Irina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ Media Center Events ]
Error - 7.6.2008 12:53:08 | Computer Name = Irina-PC | Source = Media Center Guide | ID = 0
Description = Tapahtumatiedot: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32
GetLastError returned 0D Prosessi: DefaultDomain Objektin nimi: Media Center Guide
Error - 7.6.2008 12:58:09 | Computer Name = Irina-PC | Source = Media Center Guide | ID = 0
Description = Tapahtumatiedot: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32
GetLastError returned 0D Prosessi: DefaultDomain Objektin nimi: Media Center Guide
[ System Events ]
Error - 28.3.2011 18:29:50 | Computer Name = Irina-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS ei sisällä IRQ-keskeytystä laitteelle PCI-väylässä
7, toiminto: 0. Järjestelmän toimittaja tai tekninen tukipalvelu voi ehkä auttaa.
Error - 28.3.2011 18:29:51 | Computer Name = Irina-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS ei sisällä IRQ-keskeytystä laitteelle PCI-väylässä
6, toiminto: 0. Järjestelmän toimittaja tai tekninen tukipalvelu voi ehkä auttaa.
Error - 28.3.2011 19:22:45 | Computer Name = Irina-PC | Source = DCOM | ID = 10010
Description =
Error - 29.3.2011 14:54:18 | Computer Name = Irina-PC | Source = disk | ID = 262151
Description = Virheellinen lohko laitteessa \Device\Harddisk0\DR0.
Error - 29.3.2011 14:54:22 | Computer Name = Irina-PC | Source = disk | ID = 262151
Description = Virheellinen lohko laitteessa \Device\Harddisk0\DR0.
Error - 29.3.2011 18:00:31 | Computer Name = Irina-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 29.3.2011 19:23:45 | Computer Name = Irina-PC | Source = DCOM | ID = 10010
Description =
Error - 3.4.2011 16:27:09 | Computer Name = Irina-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS ei sisällä IRQ-keskeytystä laitteelle PCI-väylässä
4, toiminto: 0. Järjestelmän toimittaja tai tekninen tukipalvelu voi ehkä auttaa.
Error - 3.4.2011 16:27:09 | Computer Name = Irina-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS ei sisällä IRQ-keskeytystä laitteelle PCI-väylässä
7, toiminto: 0. Järjestelmän toimittaja tai tekninen tukipalvelu voi ehkä auttaa.
Error - 3.4.2011 16:27:10 | Computer Name = Irina-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS ei sisällä IRQ-keskeytystä laitteelle PCI-väylässä
6, toiminto: 0. Järjestelmän toimittaja tai tekninen tukipalvelu voi ehkä auttaa.
< End of report >
Some of the bits aren't in English as my computer has been configured to run in Finnish.
Translation:Description = IRQARB: ACPI BIOS ei sisällä IRQ-keskeytystä laitteelle PCI-väylässä
ACPI BIOS does not include IRQ-abortion on the device in PCI-bus
Description = Virheellinen lohko laitteessa \Device\Harddisk0\DR0.
Segment with mistakes in the device
Thanks for your help!