
Random BSOD


  • This topic is locked
22 replies to this topic

#1 colb2002


Posted 06 October 2012 - 06:02 AM

It all started with the computer running slow, so I decided to do a clean (format) install of Windows 7 Home Premium 64-bit (as I have done before with no problems). After installing, it kept getting BSODs and I had trouble installing programs, but I was able to install Service Pack 1 along with all the other Windows updates, but still kept getting random BSODs. So I tried another clean install to see if it went away, but now I have the same problem of BSODs and can't get SP1 to install. I have run Microsoft Fixit and ComboFix (see attached log). What can I do short of trying to install Windows AGAIN or getting a new PC? Please help, I have run out of ideas.




ComboFix 12-10-04.02 - Colin Barrow 06/10/2012 10:28:34.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4030.2496 [GMT 1:00]
Running from: c:\users\Colin Barrow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I7O0LLWB\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Colin Barrow\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\COLINB~1\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-06 to 2012-10-06 )))))))))))))))))))))))))))))))
.
.
2012-10-06 08:15 . 2012-10-06 08:15 -------- d-----w- c:\windows\system32\SPReview
2012-10-06 06:52 . 2012-10-06 06:52 -------- d-----w- c:\program files (x86)\Microsoft
2012-10-06 04:53 . 2012-10-06 04:53 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2012-10-04 19:09 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2012-10-04 16:43 . 2012-10-04 16:43 -------- d-----w- c:\program files (x86)\Win7codecs
2012-10-04 16:43 . 2012-10-04 16:45 -------- d-----w- c:\programdata\Win7codecs
2012-10-04 16:31 . 2012-10-04 16:31 -------- d-----w- c:\programdata\RoboForm
2012-10-04 16:31 . 2012-10-04 16:31 -------- d-----w- c:\program files (x86)\Siber Systems
2012-10-03 21:15 . 2012-10-03 21:15 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-10-03 21:10 . 2012-10-03 21:10 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-03 21:10 . 2012-10-03 21:10 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-03 21:10 . 2012-10-03 21:10 -------- d-----w- c:\windows\SysWow64\Macromed
2012-10-03 21:10 . 2012-10-03 21:10 -------- d-----w- c:\windows\system32\Macromed
2012-10-03 20:52 . 2012-10-03 20:52 -------- d-----w- c:\windows\CheckSur
2012-10-03 20:41 . 2012-10-03 20:41 -------- d-----w- c:\windows\system32\EventProviders
2012-10-03 18:58 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-10-03 18:58 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-10-03 18:03 . 2012-10-03 20:37 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-10-03 18:02 . 2012-10-03 18:02 -------- d-----w- c:\windows\PCHEALTH
2012-10-03 17:59 . 2012-10-03 17:59 -------- d-----w- c:\program files\Microsoft Office
2012-10-03 17:59 . 2012-10-03 17:59 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-10-03 17:57 . 2012-10-03 17:57 -------- d-----r- C:\MSOCache
2012-10-03 17:46 . 2012-10-06 07:46 -------- d-----w- c:\users\NeroMediaHomeUser.4
2012-10-03 17:36 . 2012-10-04 16:29 -------- d-----w- C:\tor
2012-10-03 17:35 . 2012-10-03 17:35 -------- d-----w- c:\program files (x86)\uTorrent
2012-10-03 17:30 . 2012-10-03 17:31 -------- d-----w- c:\program files\Microsoft Device Center
2012-10-03 17:27 . 2012-10-03 17:28 -------- d-----w- c:\program files (x86)\Nero
2012-10-03 17:27 . 2012-10-03 17:46 -------- d-----w- c:\programdata\Nero
2012-10-03 17:27 . 2012-10-03 17:28 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-10-03 01:31 . 2012-10-03 01:31 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-10-02 21:00 . 2012-10-02 21:00 -------- d-----w- C:\3c99cfd875a4ed30c580094417
2012-10-02 20:42 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-10-02 20:42 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-10-02 20:36 . 2012-10-02 20:36 -------- d-----w- c:\program files\Microsoft Silverlight
2012-10-02 20:36 . 2012-10-02 20:36 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-10-02 20:36 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2012-10-02 20:36 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2012-10-02 20:34 . 2009-10-10 03:17 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2012-10-02 19:19 . 2012-10-02 19:19 -------- d-----w- C:\2b241a8fbb0fcd8964b35947
2012-10-02 18:09 . 2012-10-02 18:09 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2012-10-02 18:08 . 2012-10-02 18:08 -------- d-----w- c:\programdata\HP
2012-10-02 18:07 . 2012-10-02 18:07 -------- d-----w- c:\programdata\Hewlett-Packard
2012-10-02 18:06 . 2012-10-02 18:07 -------- d-----w- c:\program files (x86)\HP
2012-10-02 18:06 . 2011-04-16 00:14 81920 ----a-r- c:\windows\SysWow64\mvusbews.dll
2012-10-02 18:06 . 2010-03-31 10:51 74240 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPM1210PP.dll
2012-10-02 18:05 . 2011-04-16 00:13 49152 ----a-w- c:\windows\system32\HPM1210SMs.dll
2012-10-02 18:05 . 2010-03-31 10:52 1366016 ----a-w- c:\windows\system32\HPM1210SM.exe
2012-10-02 18:05 . 2010-03-31 10:51 407040 ----a-w- c:\windows\system32\HPM1210LM.DLL
2012-10-02 18:05 . 2011-04-16 00:14 212992 ----a-w- c:\windows\system32\m1130wia.dll
2012-10-02 18:05 . 2011-04-16 00:14 82432 ----a-w- c:\windows\system32\mvusbews.dll
2012-10-02 18:05 . 2011-04-16 00:14 20480 ----a-w- c:\windows\system32\drivers\mvusbews.sys
2012-10-02 18:05 . 2011-04-16 00:14 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-10-02 18:05 . 2011-05-18 14:19 126520 ----a-r- c:\windows\system32\HPSIsvc.exe
2012-10-02 18:04 . 2012-10-02 18:04 -------- d-----w- c:\program files\HP
2012-10-02 18:02 . 2012-10-02 18:02 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-10-02 18:01 . 2012-10-02 18:01 -------- d-----w- c:\programdata\Belkin
2012-10-02 18:01 . 2012-10-02 18:01 -------- d-----w- c:\program files\Belkin
2012-10-02 18:00 . 2009-06-22 15:50 291352 ----a-w- c:\windows\system32\drivers\sxuptp.sys
2012-10-02 17:59 . 2012-10-02 17:59 -------- d-----w- c:\programdata\Affinegy
2012-10-02 17:59 . 2012-10-02 17:59 -------- d-----w- c:\program files (x86)\Belkin
2012-10-02 01:52 . 2012-10-03 18:51 -------- d-----w- c:\windows\Panther
2012-10-02 01:52 . 2012-10-02 01:52 -------- d-----w- C:\Boot
2012-10-01 21:01 . 2012-10-01 21:01 -------- d-----w- c:\windows\SysWow64\Wat
2012-10-01 21:01 . 2012-10-01 21:01 -------- d-----w- c:\windows\system32\Wat
2012-10-01 19:59 . 2012-10-01 19:59 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-10-01 19:59 . 2012-10-01 19:59 -------- d-----r- c:\program files (x86)\Skype
2012-10-01 19:59 . 2012-10-01 19:59 -------- d-----w- c:\programdata\Skype
2012-10-01 19:22 . 2012-10-01 19:22 -------- d-----w- c:\program files\Common Files\logishrd
2012-10-01 19:15 . 2009-11-25 11:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-10-01 19:15 . 2009-11-25 11:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-10-01 19:15 . 2009-11-25 11:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-10-01 19:15 . 2009-11-25 11:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-10-01 19:15 . 2009-11-25 11:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-10-01 19:15 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-10-01 19:15 . 2009-11-25 11:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-10-01 19:15 . 2009-11-25 11:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-10-01 19:15 . 2009-11-25 11:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-10-01 19:15 . 2009-11-25 11:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-10-01 19:14 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-10-01 18:57 . 2012-08-30 23:43 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-10-01 18:53 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-10-01 18:53 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-10-01 18:53 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-10-01 18:53 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-10-01 18:53 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-01 18:53 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-10-01 18:53 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-10-01 18:50 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2012-10-01 18:50 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2012-10-01 18:49 . 2010-03-05 07:52 84992 ----a-w- c:\windows\system32\asycfilt.dll
2012-10-01 18:49 . 2010-03-05 07:42 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
2012-10-01 18:47 . 2012-05-05 08:30 503808 ----a-w- c:\windows\system32\srcore.dll
2012-10-01 18:46 . 2012-07-18 17:31 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-10-01 18:45 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2012-10-01 18:44 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2012-10-01 18:44 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-10-01 18:44 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-10-01 18:44 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-10-01 18:44 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2012-10-01 18:44 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-10-01 18:44 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-10-01 18:44 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-10-01 18:44 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2012-10-01 18:44 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2012-10-01 18:32 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-10-01 18:32 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-10-01 18:32 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-10-01 18:31 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-10-01 18:31 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-10-01 18:20 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-10-01 18:20 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-10-01 18:20 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-10-01 18:20 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-10-01 18:20 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-10-01 18:20 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-10-01 18:20 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-10-01 18:20 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-10-01 18:20 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-10-01 18:05 . 2012-10-04 18:21 -------- d-----w- c:\programdata\Microsoft Help
2012-10-01 18:05 . 2012-10-06 06:52 -------- d-sh--w- c:\windows\Installer
2012-10-01 17:40 . 2012-10-02 18:14 -------- d--h--w- c:\windows\msdownld.tmp
2012-10-01 17:10 . 2012-10-01 17:20 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-10-01 17:10 . 2012-10-01 17:21 -------- d-----w- c:\program files\Symantec
2012-10-01 17:10 . 2012-10-01 17:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-10-01 17:09 . 2012-10-02 18:17 -------- d-----w- c:\windows\system32\drivers\NISx64
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-06 08:57 . 2012-09-06 08:57 4399616 ----a-w- c:\windows\SysWow64\x264vfw.dll
2012-08-12 04:59 . 2012-08-12 04:59 1370624 ----a-w- c:\windows\SysWow64\VSFilter.dll
2012-07-21 14:54 . 2012-07-21 14:54 122880 ----a-w- c:\windows\SysWow64\ac3acm.acm
2012-07-21 14:53 . 2012-07-21 14:53 294912 ----a-w- c:\windows\SysWow64\AACACM.acm
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2009-06-23 4891944]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-10-04 109336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-10-15 30264]
"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2009-06-23 4891944]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-03 250288]
R3 EraserUtilDrv11220;EraserUtilDrv11220;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2011-04-16 20480]
R3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [2010-11-30 191232]
R3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [2010-11-30 163384]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-01 1255736]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [2011-07-26 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-09-28 1385120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121005.002\IDSvia64.sys [2012-09-28 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [2012-04-18 405624]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-04-19 181760]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 DiskDoctorService;Norton Disk Doctor Service;c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [2010-11-30 1029480]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-10-15 136192]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-05-18 126520]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 SpeedDiskService;Norton SpeedDisk Service;c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [2010-11-30 1037672]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2009-06-22 291352]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 10567680]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 325632]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-24 52320]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
S3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [2009-06-10 1627520]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176]
S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-03 21:10]
.
2012-10-04 c:\windows\Tasks\NUSchedule.job
- c:\program files (x86)\Norton Utilities 15\nu.exe [2012-10-01 18:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?PC=BNHP
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
.
**************************************************************************
.
Completion time: 2012-10-06 11:07:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-06 10:07
.
Pre-Run: 185,566,814,208 bytes free
Post-Run: 184,811,724,800 bytes free
.
- - End Of File - - A62E7E97A3D1243C64C9CEE698AE593E

Edited by Noviciate, 06 October 2012 - 01:04 PM.
Moved to log forum. ~ OB




#2 Noviciate

  • Malware Response Team

Posted 06 October 2012 - 01:07 PM

Good evening. :)

Please download SystemLook by jpshortstuff from one of the links below and save it to your Desktop:

  • Linky #1
  • Linky #2

  • Double-click SystemLook.exe to run it.
  • Copy the contents of the following codebox into the main textfield:


    :filefind
    *.dmp
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan - the log can also be found on your Desktop entitled SystemLook.txt
  • Please post the contents of this log in your next reply.

So long, and thanks for all the fish.

 

 


#3 colb2002


Posted 06 October 2012 - 04:25 PM

There have been more memory dumps than that, but CCleaner has deleted them, sorry.

SystemLook 30.07.11 by jpshortstuff
Log created at 22:20 on 06/10/2012 by Colin Barrow
Administrator - Elevation successful

========== filefind ==========

Searching for "*.dmp"
C:\ProgramData\Norton\LocalDumps\ccsvchst.exe.1576.dmp --a---- 549087 bytes [20:04 01/10/2012] [20:04 01/10/2012] 38224163C2E2876EC26271E69B4953A5
C:\ProgramData\Norton\LocalDumps\ccsvchst.exe.1968.dmp --a---- 2469816 bytes [15:32 06/10/2012] [15:32 06/10/2012] ED68C7B85A6A129EEED4D0EDF213F8FC
C:\ProgramData\Norton\LocalDumps\ccsvchst.exe.2356.dmp --a---- 2476849 bytes [16:57 05/10/2012] [16:57 05/10/2012] 156BB3718511308DF1C55F06A3823CAD
C:\ProgramData\Norton\LocalDumps\iexplore.exe.4936.dmp --a---- 2262866 bytes [17:00 05/10/2012] [17:01 05/10/2012] 2473D9F520C774BB456ED7AFC7DA3B27
C:\Users\All Users\Norton\LocalDumps\ccsvchst.exe.1576.dmp --a---- 549087 bytes [20:04 01/10/2012] [20:04 01/10/2012] 38224163C2E2876EC26271E69B4953A5
C:\Users\All Users\Norton\LocalDumps\ccsvchst.exe.1968.dmp --a---- 2469816 bytes [15:32 06/10/2012] [15:32 06/10/2012] ED68C7B85A6A129EEED4D0EDF213F8FC
C:\Users\All Users\Norton\LocalDumps\ccsvchst.exe.2356.dmp --a---- 2476849 bytes [16:57 05/10/2012] [16:57 05/10/2012] 156BB3718511308DF1C55F06A3823CAD
C:\Users\All Users\Norton\LocalDumps\iexplore.exe.4936.dmp --a---- 2262866 bytes [17:00 05/10/2012] [17:01 05/10/2012] 2473D9F520C774BB456ED7AFC7DA3B27
C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps\SearchIndexer.exe.4812.dmp --a---- 5310481 bytes [08:22 06/10/2012] [08:22 06/10/2012] 2E5B8445DE6263D0AEE59EE12EB06D53
C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps\SearchProtocolHost.exe.2296.dmp --a---- 263614 bytes [08:23 06/10/2012] [08:23 06/10/2012] CC75D0A4A9041944E836626AC974D2AF
C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps\SearchProtocolHost.exe.3292.dmp --a---- 273398 bytes [08:23 06/10/2012] [08:23 06/10/2012] A5EF57C7AB71856DCB1AB6EB518A761A
C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps\svchost.exe.112.dmp --a---- 2272900 bytes [21:16 06/10/2012] [21:16 06/10/2012] 3534F2A74A8AC84A65D7C1D2DD39D989
C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps\svchost.exe.2484.dmp --a---- 2422975 bytes [21:19 06/10/2012] [21:19 06/10/2012] 78684B41FC8CB822B2E4CA8BFFB82633

-= EOF =-

#4 Noviciate


Posted 07 October 2012 - 02:40 PM

Good evening. :)

Please don't run CCleaner again, for now at least. Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

So long, and thanks for all the fish.

 

 


#5 colb2002


Posted 08 October 2012 - 01:47 AM

OTL logfile created on: 08/10/2012 07:31:03 - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Colin Barrow\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.94 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 61.47% Memory free
7.87 Gb Paging File | 6.19 Gb Available in Paging File | 78.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.90 Gb Total Space | 172.40 Gb Free Space | 78.76% Space Free | Partition Type: NTFS
Drive D: | 79.19 Gb Total Space | 50.74 Gb Free Space | 64.07% Space Free | Partition Type: NTFS

Computer Name: COLINBARROW-PC | User Name: Colin Barrow | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/08 07:30:14 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Colin Barrow\Desktop\OTL.scr
PRC - [2012/10/04 17:31:11 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/10/03 22:10:09 | 000,690,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe
PRC - [2012/07/02 12:35:22 | 000,120,496 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
PRC - [2012/07/02 12:33:20 | 000,014,528 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
PRC - [2012/07/02 12:33:10 | 001,454,216 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
PRC - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe
PRC - [2012/03/30 14:41:46 | 001,858,152 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
PRC - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2011/05/27 15:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/05/27 15:57:28 | 002,015,136 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/05/27 15:57:26 | 007,025,568 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/05/18 18:28:16 | 001,641,888 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2010/11/30 02:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
PRC - [2010/11/30 02:23:56 | 000,406,888 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
PRC - [2010/11/30 02:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
PRC - [2010/11/30 02:23:44 | 000,406,888 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
PRC - [2009/10/15 18:43:42 | 000,030,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
PRC - [2009/10/15 11:13:50 | 000,136,192 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2009/06/23 15:59:34 | 004,891,944 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe
PRC - [2009/06/23 15:59:32 | 000,259,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/03 22:31:04 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e5f1db35163684e821bca4a2fb0311b1\System.Runtime.Remoting.ni.dll
MOD - [2012/10/03 22:30:13 | 001,838,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\4cd09961cd45c4c3d3a079f3e81686f5\Microsoft.VisualBasic.ni.dll
MOD - [2012/10/03 22:24:20 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3eaec5bc57c67c3b24ca2bb281ca249d\Microsoft.VisualBasic.ni.dll
MOD - [2012/10/03 22:19:26 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b7a7f9c607e09bfa03c07b5ff3a8ae3\System.ServiceProcess.ni.dll
MOD - [2012/10/03 22:19:18 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/10/03 22:18:39 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/10/03 22:18:36 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll
MOD - [2012/10/03 22:18:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/10/03 22:18:06 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/10/03 22:17:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/10/03 22:17:55 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/10/03 22:17:43 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/10/03 21:32:53 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dll
MOD - [2012/10/03 21:32:28 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dll
MOD - [2012/10/03 21:26:43 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll
MOD - [2012/10/03 21:26:34 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll
MOD - [2012/10/03 21:26:29 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll
MOD - [2012/10/03 21:26:10 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll
MOD - [2012/10/03 21:25:34 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll
MOD - [2011/05/27 15:57:32 | 000,022,944 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/05/27 15:08:56 | 000,660,480 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/08/22 21:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 21:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 21:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 21:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 20:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2009/10/15 18:44:46 | 000,067,128 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\HPTools.dll
MOD - [2009/10/15 18:44:24 | 000,075,320 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\HPToolkit.dll
MOD - [2009/10/15 18:44:06 | 000,969,784 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\LEDMXMLObjects.dll
MOD - [2009/10/15 18:43:56 | 000,140,856 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\DMBaseObjects.dll
MOD - [2009/10/15 18:43:10 | 000,240,128 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\LEDMMapperObjects.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/11/10 03:11:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/05/18 15:19:18 | 000,126,520 | R--- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2011/04/19 16:31:16 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV:64bit: - [2010/02/09 15:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/03 22:10:10 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/02 12:33:20 | 000,014,528 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)
SRV - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2012/01/18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/05/27 15:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/11/30 02:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe -- (SpeedDiskService)
SRV - [2010/11/30 02:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe -- (DiskDoctorService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/15 11:13:50 | 000,136,192 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/06/23 15:59:32 | 000,259,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/01 18:20:33 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/07/06 03:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/06 03:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/26 21:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/06/26 21:38:30 | 000,023,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2012/06/24 22:24:48 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/06/07 05:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/22 02:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/18 03:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/18 02:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/10 03:45:32 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/11/10 03:45:32 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/11/10 02:12:46 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/26 03:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2011/04/27 16:51:10 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/30 02:24:02 | 000,191,232 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SymDSMon.sys -- (SymDSMon)
DRV:64bit: - [2010/11/30 02:24:02 | 000,163,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SymSpeedDisk.sys -- (SYMSpeedDisk)
DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 16:50:00 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2009/06/10 22:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:32:37 | 001,627,520 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ph3xIB64.sys -- (Ph3xIB64)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 19:12:30 | 000,286,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6232e.sys -- (e1express)
DRV - [2012/10/07 10:44:34 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121006.007\ex64.sys -- (NAVEX15)
DRV - [2012/10/07 10:44:34 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121006.007\eng64.sys -- (NAVENG)
DRV - [2012/10/06 06:00:31 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/10/03 02:31:07 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/09/28 12:33:38 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121005.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012/09/28 01:02:52 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120928.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/11/30 02:24:00 | 000,108,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\SymSpeedDisk.sys -- (SYMSpeedDisk)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=BNHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 62 9E 5C A6 F6 9F CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/10/01 18:10:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/10/08 07:22:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/10/06 11:02:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [DBAgent] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKCU..\Run: [Nero MediaHome 4] C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B16E92E-3717-4F70-823F-641209412F6F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\NORTON~3\Tools\SPEEDD~1\aDSBatch.exe /startup)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/08 07:30:03 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Colin Barrow\Desktop\OTL.scr
[2012/10/07 19:37:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/10/07 13:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012/10/07 13:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2012/10/07 13:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2012/10/07 13:00:17 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/10/07 12:57:59 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\AppData\Local\Seagate_Technology_LLC
[2012/10/07 12:10:27 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\My Online Documents
[2012/10/07 12:08:01 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\AppData\Roaming\Leadertech
[2012/10/07 12:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard 2.0
[2012/10/07 12:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2012/10/07 12:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate
[2012/10/07 12:03:20 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\AppData\Roaming\Seagate
[2012/10/06 16:17:49 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~LS
[2012/10/06 11:07:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/06 11:02:54 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/10/06 10:26:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/06 10:26:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/06 10:26:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/06 10:23:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/06 10:23:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/06 07:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
[2012/10/06 07:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012/10/06 05:53:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
[2012/10/04 17:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs
[2012/10/04 17:43:59 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\AppData\Roaming\Win7codecs
[2012/10/04 17:43:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Win7codecs
[2012/10/04 17:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Win7codecs
[2012/10/04 17:31:56 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\AppData\Roaming\RoboForm
[2012/10/04 17:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2012/10/04 17:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
[2012/10/04 17:31:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Siber Systems
[2012/10/03 22:15:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/10/03 22:10:26 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\AppData\Roaming\Macromedia
[2012/10/03 22:10:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/10/03 22:10:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/10/03 21:52:38 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012/10/03 21:41:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/10/03 19:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/10/03 19:03:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012/10/03 19:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012/10/03 19:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/10/03 19:02:03 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/10/03 18:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/10/03 18:59:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/10/03 18:58:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/10/03 18:57:23 | 000,000,000 | R--D | C] -- C:\MSOCache
[2012/10/03 18:46:49 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\AppData\Roaming\Nero
[2012/10/03 18:46:45 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\AppData\Local\Nero
[2012/10/03 18:36:30 | 000,000,000 | ---D | C] -- C:\tor
[2012/10/03 18:35:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/10/03 18:33:58 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\AppData\Roaming\uTorrent
[2012/10/03 18:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2012/10/03 18:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Center
[2012/10/03 18:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012/10/03 18:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012/10/03 18:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012/10/03 18:27:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012/10/03 02:31:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/10/02 22:00:29 | 000,000,000 | ---D | C] -- C:\3c99cfd875a4ed30c580094417
[2012/10/02 21:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/10/02 21:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/10/02 21:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/10/02 20:31:09 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\AppData\Local\WindowsUpdate
[2012/10/02 20:19:41 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/10/02 20:19:04 | 000,000,000 | ---D | C] -- C:\2b241a8fbb0fcd8964b35947
[2012/10/02 19:32:43 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\Writing
[2012/10/02 19:32:43 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\Wills
[2012/10/02 19:32:43 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\Wageslips
[2012/10/02 19:32:43 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\Toyota
[2012/10/02 19:32:43 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\The diet solution
[2012/10/02 19:32:43 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\tennant areement_files
[2012/10/02 19:32:42 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\taxreturns 2009 2010
[2012/10/02 19:32:41 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\tax returns 2011
[2012/10/02 19:32:41 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\Sony Ericsson
[2012/10/02 19:32:21 | 000,000,000 | R--D | C] -- C:\Users\Colin Barrow\Documents\Public
[2012/10/02 19:32:21 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\Sony
[2012/10/02 19:32:21 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\Small Business Accounting
[2012/10/02 19:32:21 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\RSPCA
[2012/10/02 19:32:21 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\Readiris
[2012/10/02 19:29:58 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\Progs
[2012/10/02 19:29:58 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\Phone
[2012/10/02 19:29:58 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\Pension
[2012/10/02 19:29:57 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\OneNote Notebooks
[2012/10/02 19:29:57 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\Nero Home
[2012/10/02 19:29:57 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\Nero Collections
[2012/10/02 19:29:51 | 000,000,000 | --SD | C] -- C:\Users\Colin Barrow\Documents\My Webs
[2012/10/02 19:29:51 | 000,000,000 | R--D | C] -- C:\Users\Colin Barrow\Documents\My Stationery
[2012/10/02 19:29:51 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\My Weblog Posts
[2012/10/02 19:29:49 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\My RoboForm Data
[2012/10/02 19:29:49 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\My Received Files
[2012/10/02 19:29:49 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\My Projects
[2012/10/02 19:29:49 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\My Garmin
[2012/10/02 19:29:49 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\My Games
[2012/10/02 19:29:49 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\My Data Sources
[2012/10/02 19:29:49 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\My Albums
[2012/10/02 19:29:49 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\Media Go
[2012/10/02 19:29:49 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\Mandy Car Insuance Docs
[2012/10/02 19:29:49 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\Games for Windows - LIVE Demos
[2012/10/02 19:29:45 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\Family Tree
[2012/10/02 19:29:44 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\DRIVING
[2012/10/02 19:29:44 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\Disability Living Allowance Notes
[2012/10/02 19:29:42 | 000,000,000 | R--D | C] -- C:\Users\Colin Barrow\Documents\Dawn's Hay Food Docs
[2012/10/02 19:29:42 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\Digital Wave Player
[2012/10/02 19:29:42 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\debt management
[2012/10/02 19:29:41 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\Colin's Study Folder
[2012/10/02 19:29:41 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\Ciricculum Vitae
[2012/10/02 19:29:41 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\BKD
[2012/10/02 19:29:41 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\autoruns
[2012/10/02 19:29:41 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\Audible
[2012/10/02 19:09:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2012/10/02 19:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/10/02 19:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
[2012/10/02 19:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/10/02 19:07:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2012/10/02 19:06:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/10/02 19:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/10/02 19:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/10/02 19:02:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/10/02 19:02:26 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\AppData\Local\Adobe
[2012/10/02 19:02:01 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\AppData\Roaming\Adobe
[2012/10/02 19:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Belkin
[2012/10/02 19:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2012/10/02 19:00:02 | 000,291,352 | ---- | C] (silex technology, Inc.) -- C:\Windows\SysNative\drivers\sxuptp.sys
[2012/10/02 18:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin
[2012/10/02 18:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
[2012/10/02 18:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Affinegy
[2012/10/02 17:10:51 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnets.sys
[2012/10/02 17:10:50 | 001,129,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys
[2012/10/02 17:10:50 | 000,737,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.sys
[2012/10/02 17:10:50 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.sys
[2012/10/02 17:10:50 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ironx64.sys
[2012/10/02 17:10:50 | 000,167,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.sys
[2012/10/02 17:10:50 | 000,037,536 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.sys
[2012/10/02 16:54:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/10/02 02:52:40 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/10/02 02:52:26 | 000,000,000 | ---D | C] -- C:\Boot
[2012/10/01 22:01:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1309000.009
[2012/10/01 22:01:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/10/01 22:01:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/10/01 21:02:28 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/10/01 20:59:39 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\AppData\Roaming\Skype
[2012/10/01 20:59:22 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/10/01 20:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/10/01 20:59:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/10/01 20:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/10/01 20:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2012/10/01 19:05:35 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\AppData\Local\Microsoft Help
[2012/10/01 19:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/10/01 19:05:29 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/10/01 19:01:56 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\AppData\Roaming\Norton Utilities
[2012/10/01 18:52:12 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\AppData\Local\CrashDumps
[2012/10/01 18:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/10/01 18:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton Installer
[2012/10/01 18:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 15
[2012/10/01 18:45:38 | 000,163,384 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymSpeedDisk.sys
[2012/10/01 18:45:37 | 000,191,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymDSMon.sys
[2012/10/01 18:45:37 | 000,108,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysWow64\drivers\SymSpeedDisk.sys
[2012/10/01 18:45:36 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
[2012/10/01 18:45:36 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2012/10/01 18:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec
[2012/10/01 18:45:35 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
[2012/10/01 18:45:32 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\UnErase
[2012/10/01 18:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012/10/01 18:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Utilities 15
[2012/10/01 18:10:54 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\Documents\Symantec
[2012/10/01 18:10:20 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/10/01 18:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/10/01 18:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/10/01 18:09:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2012/10/01 18:09:48 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/10/01 18:09:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2012/10/01 18:09:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/10/01 18:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/10/01 18:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/10/01 18:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2012/10/01 18:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012/10/01 18:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/10/01 18:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/01 18:01:29 | 000,000,000 | R--D | C] -- C:\Users\Colin Barrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/10/01 18:01:29 | 000,000,000 | R--D | C] -- C:\Users\Colin Barrow\Searches
[2012/10/01 18:01:29 | 000,000,000 | R--D | C] -- C:\Users\Colin Barrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/10/01 18:01:29 | 000,000,000 | -H-D | C] -- C:\Users\Colin Barrow\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/10/01 18:01:17 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/10/01 18:01:15 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\AppData\Roaming\Identities
[2012/10/01 18:01:12 | 000,000,000 | R--D | C] -- C:\Users\Colin Barrow\Contacts
[2012/10/01 18:01:08 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\AppData\Local\VirtualStore
[2012/10/01 18:00:59 | 000,000,000 | --SD | C] -- C:\Users\Colin Barrow\AppData\Roaming\Microsoft
[2012/10/01 18:00:59 | 000,000,000 | R--D | C] -- C:\Users\Colin Barrow\Videos
[2012/10/01 18:00:59 | 000,000,000 | R--D | C] -- C:\Users\Colin Barrow\Saved Games
[2012/10/01 18:00:59 | 000,000,000 | R--D | C] -- C:\Users\Colin Barrow\Pictures
[2012/10/01 18:00:59 | 000,000,000 | R--D | C] -- C:\Users\Colin Barrow\Music
[2012/10/01 18:00:59 | 000,000,000 | R--D | C] -- C:\Users\Colin Barrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/10/01 18:00:59 | 000,000,000 | R--D | C] -- C:\Users\Colin Barrow\Links
[2012/10/01 18:00:59 | 000,000,000 | R--D | C] -- C:\Users\Colin Barrow\Favorites
[2012/10/01 18:00:59 | 000,000,000 | R--D | C] -- C:\Users\Colin Barrow\Downloads
[2012/10/01 18:00:59 | 000,000,000 | R--D | C] -- C:\Users\Colin Barrow\Documents
[2012/10/01 18:00:59 | 000,000,000 | R--D | C] -- C:\Users\Colin Barrow\Desktop
[2012/10/01 18:00:59 | 000,000,000 | R--D | C] -- C:\Users\Colin Barrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/10/01 18:00:59 | 000,000,000 | -HSD | C] -- C:\Users\Colin Barrow\AppData\Local\Temporary Internet Files
[2012/10/01 18:00:59 | 000,000,000 | -HSD | C] -- C:\Users\Colin Barrow\Templates
[2012/10/01 18:00:59 | 000,000,000 | -HSD | C] -- C:\Users\Colin Barrow\Start Menu
[2012/10/01 18:00:59 | 000,000,000 | -HSD | C] -- C:\Users\Colin Barrow\SendTo
[2012/10/01 18:00:59 | 000,000,000 | -HSD | C] -- C:\Users\Colin Barrow\Recent
[2012/10/01 18:00:59 | 000,000,000 | -HSD | C] -- C:\Users\Colin Barrow\PrintHood
[2012/10/01 18:00:59 | 000,000,000 | -HSD | C] -- C:\Users\Colin Barrow\NetHood
[2012/10/01 18:00:59 | 000,000,000 | -HSD | C] -- C:\Users\Colin Barrow\Documents\My Videos
[2012/10/01 18:00:59 | 000,000,000 | -HSD | C] -- C:\Users\Colin Barrow\Documents\My Pictures
[2012/10/01 18:00:59 | 000,000,000 | -HSD | C] -- C:\Users\Colin Barrow\Documents\My Music
[2012/10/01 18:00:59 | 000,000,000 | -HSD | C] -- C:\Users\Colin Barrow\My Documents
[2012/10/01 18:00:59 | 000,000,000 | -HSD | C] -- C:\Users\Colin Barrow\Local Settings
[2012/10/01 18:00:59 | 000,000,000 | -HSD | C] -- C:\Users\Colin Barrow\AppData\Local\History
[2012/10/01 18:00:59 | 000,000,000 | -HSD | C] -- C:\Users\Colin Barrow\Cookies
[2012/10/01 18:00:59 | 000,000,000 | -HSD | C] -- C:\Users\Colin Barrow\Application Data
[2012/10/01 18:00:59 | 000,000,000 | -HSD | C] -- C:\Users\Colin Barrow\AppData\Local\Application Data
[2012/10/01 18:00:59 | 000,000,000 | -H-D | C] -- C:\Users\Colin Barrow\AppData
[2012/10/01 18:00:59 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\AppData\Local\Temp
[2012/10/01 18:00:59 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\AppData\Local\Microsoft
[2012/10/01 18:00:59 | 000,000,000 | ---D | C] -- C:\Users\Colin Barrow\AppData\Roaming\Media Center Programs
[2012/10/01 18:00:43 | 000,000,000 | ---D | C] -- C:\Recovery
[2012/10/01 17:53:47 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/10/01 17:53:05 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/08 07:30:14 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Colin Barrow\Desktop\OTL.scr
[2012/10/08 07:29:54 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/08 07:29:54 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/08 07:22:51 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/08 07:21:39 | 000,414,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/08 07:21:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/08 07:21:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/10/08 07:21:23 | 3169,255,424 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/07 19:03:35 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\NUSchedule.job
[2012/10/07 14:01:33 | 001,657,824 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\Cat.DB
[2012/10/07 13:08:35 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012/10/07 12:59:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/10/07 12:07:56 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/07 12:07:56 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/07 12:07:56 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/07 12:06:58 | 000,002,113 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Dashboard 2.0.lnk
[2012/10/06 22:19:41 | 000,165,376 | ---- | M] () -- C:\Users\Colin Barrow\Desktop\SystemLook_x64.exe
[2012/10/06 16:22:57 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/10/06 16:22:57 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/10/06 16:17:49 | 000,000,002 | ---- | M] () -- C:\$UpgDrv$
[2012/10/06 11:02:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/06 09:25:09 | 000,001,133 | ---- | M] () -- C:\Users\Colin Barrow\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/10/03 18:35:30 | 000,000,967 | ---- | M] () -- C:\Users\Colin Barrow\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/10/03 18:31:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/10/03 18:27:30 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHome 4.lnk
[2012/10/03 02:31:08 | 000,009,103 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\VT20121002.018
[2012/10/02 21:39:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2012/10/02 21:13:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/10/02 19:19:44 | 000,001,437 | ---- | M] () -- C:\Users\Colin Barrow\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/02 19:17:32 | 000,002,492 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/10/02 19:13:23 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/10/02 19:13:21 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/10/02 19:06:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_mvusbews_01007.Wdf
[2012/10/02 19:02:26 | 000,000,051 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\lmhosts
[2012/10/02 02:52:27 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/10/01 20:59:23 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/10/01 19:54:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2012/10/01 18:53:57 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Norton Utilities 15.lnk
[2012/10/01 18:20:33 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/10/01 18:20:33 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/10/01 18:20:33 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/10/01 18:05:09 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/10/01 18:04:29 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/01 17:57:08 | 000,041,962 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/10/01 17:57:08 | 000,041,962 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/10/01 17:55:18 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/10/01 17:54:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/09/26 11:34:14 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\isolate.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/08 07:21:26 | 000,414,048 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/07 13:08:35 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012/10/07 12:59:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/10/07 12:06:55 | 000,002,113 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Dashboard 2.0.lnk
[2012/10/06 22:19:25 | 000,165,376 | ---- | C] () -- C:\Users\Colin Barrow\Desktop\SystemLook_x64.exe
[2012/10/06 16:17:49 | 000,000,002 | ---- | C] () -- C:\$UpgDrv$
[2012/10/06 16:15:30 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/10/06 16:15:30 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/10/06 10:26:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/06 10:26:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/06 10:26:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/06 10:26:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/06 10:26:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/04 16:42:47 | 000,001,133 | ---- | C] () -- C:\Users\Colin Barrow\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/10/03 22:10:12 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/03 18:35:30 | 000,000,967 | ---- | C] () -- C:\Users\Colin Barrow\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/10/03 18:31:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/10/03 18:27:30 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHome 4.lnk
[2012/10/03 18:17:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/10/03 02:31:42 | 000,009,103 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\VT20121002.018
[2012/10/02 21:39:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2012/10/02 21:13:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/10/02 19:29:39 | 004,528,590 | ---- | C] () -- C:\Users\Colin Barrow\Documents\mtg_ebook.pdf
[2012/10/02 19:29:39 | 000,732,892 | ---- | C] () -- C:\Users\Colin Barrow\Documents\May2011 - May2012.pdf
[2012/10/02 19:29:39 | 000,651,264 | ---- | C] () -- C:\Users\Colin Barrow\Documents\Business account ledger.accdb
[2012/10/02 19:29:39 | 000,269,261 | ---- | C] () -- C:\Users\Colin Barrow\Documents\Proof of NCB.pdf
[2012/10/02 19:29:39 | 000,207,443 | ---- | C] () -- C:\Users\Colin Barrow\Documents\BusinessAccountLedger.accdt
[2012/10/02 19:29:39 | 000,191,174 | ---- | C] () -- C:\Users\Colin Barrow\Documents\2012 p60.pdf
[2012/10/02 19:29:39 | 000,044,528 | ---- | C] () -- C:\Users\Colin Barrow\Documents\health lotto win.pdf
[2012/10/02 19:29:39 | 000,023,164 | ---- | C] () -- C:\Users\Colin Barrow\Documents\Mandy passwords.pdf
[2012/10/02 19:29:39 | 000,010,931 | ---- | C] () -- C:\Users\Colin Barrow\Documents\grant thornton annual I&E update 2012 Colin.pdf
[2012/10/02 19:29:39 | 000,001,766 | ---- | C] () -- C:\Users\Colin Barrow\Documents\April 2012 Halifax Bank Statement.csv
[2012/10/02 19:29:39 | 000,000,000 | -H-- | C] () -- C:\Users\Colin Barrow\Documents\Default.rdp
[2012/10/02 19:16:07 | 001,657,824 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\Cat.DB
[2012/10/02 19:13:23 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/10/02 19:13:21 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/10/02 19:06:23 | 000,081,920 | R--- | C] () -- C:\Windows\SysWow64\mvusbews.dll
[2012/10/02 19:06:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_mvusbews_01007.Wdf
[2012/10/02 19:05:25 | 000,049,152 | ---- | C] () -- C:\Windows\SysNative\HPM1210SMs.dll
[2012/10/02 19:05:23 | 001,366,016 | ---- | C] () -- C:\Windows\SysNative\HPM1210SM.exe
[2012/10/02 19:05:23 | 000,407,040 | ---- | C] () -- C:\Windows\SysNative\HPM1210LM.DLL
[2012/10/02 19:05:19 | 000,212,992 | ---- | C] () -- C:\Windows\SysNative\m1130wia.dll
[2012/10/02 19:00:07 | 000,000,274 | ---- | C] () -- C:\Windows\tasks\NUSchedule.job
[2012/10/02 17:10:51 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnet64.cat
[2012/10/02 17:10:51 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnet.inf
[2012/10/02 17:10:50 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.cat
[2012/10/02 17:10:50 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\iron.cat
[2012/10/02 17:10:50 | 000,007,446 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.cat
[2012/10/02 17:10:50 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.cat
[2012/10/02 17:10:50 | 000,003,435 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa.inf
[2012/10/02 17:10:50 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds.inf
[2012/10/02 17:10:50 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.inf
[2012/10/02 17:10:50 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.inf
[2012/10/02 17:10:50 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.inf
[2012/10/02 17:10:50 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\iron.inf
[2012/10/02 02:52:27 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2012/10/02 02:52:26 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2012/10/01 22:01:48 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symvtcer.dat
[2012/10/01 22:01:46 | 000,007,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.cat
[2012/10/01 22:01:46 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.cat
[2012/10/01 22:01:46 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\isolate.ini
[2012/10/01 20:59:23 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/10/01 19:54:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2012/10/01 18:45:40 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\Norton Utilities 15.lnk
[2012/10/01 18:45:36 | 000,039,784 | ---- | C] () -- C:\Windows\SysNative\CleanMFT64.exe
[2012/10/01 18:10:20 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/10/01 18:10:20 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/10/01 18:10:16 | 000,002,492 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/10/01 18:05:09 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/10/01 18:04:29 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/01 18:03:12 | 000,001,437 | ---- | C] () -- C:\Users\Colin Barrow\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/01 18:01:41 | 000,001,409 | ---- | C] () -- C:\Users\Colin Barrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/10/01 18:01:32 | 000,001,443 | ---- | C] () -- C:\Users\Colin Barrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/10/01 18:00:59 | 000,000,290 | ---- | C] () -- C:\Users\Colin Barrow\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/10/01 18:00:59 | 000,000,272 | ---- | C] () -- C:\Users\Colin Barrow\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/10/01 17:57:02 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/10/01 17:56:59 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/10/01 17:55:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/10/01 17:54:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/10/01 17:53:05 | 3169,255,424 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/06 09:57:26 | 004,399,616 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012/07/02 23:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/06/09 22:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/05/21 21:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\mlc.dll
[2011/12/08 02:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011/11/10 02:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/11/10 02:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/12 23:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/07 12:08:01 | 000,000,000 | ---D | M] -- C:\Users\Colin Barrow\AppData\Roaming\Leadertech
[2012/10/04 17:31:56 | 000,000,000 | ---D | M] -- C:\Users\Colin Barrow\AppData\Roaming\RoboForm
[2012/10/07 12:03:20 | 000,000,000 | ---D | M] -- C:\Users\Colin Barrow\AppData\Roaming\Seagate
[2012/10/04 20:33:46 | 000,000,000 | ---D | M] -- C:\Users\Colin Barrow\AppData\Roaming\uTorrent
[2012/10/04 17:45:50 | 000,000,000 | ---D | M] -- C:\Users\Colin Barrow\AppData\Roaming\Win7codecs

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:D3A96964
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D287FACF

< End of report >

#6 colb2002 (Topic Starter)

Posted 08 October 2012 - 01:49 AM

OTL Extras logfile created on: 08/10/2012 07:31:03 - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Colin Barrow\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.94 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 61.47% Memory free
7.87 Gb Paging File | 6.19 Gb Available in Paging File | 78.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.90 Gb Total Space | 172.40 Gb Free Space | 78.76% Space Free | Partition Type: NTFS
Drive D: | 79.19 Gb Total Space | 50.74 Gb Free Space | 64.07% Space Free | Partition Type: NTFS

Computer Name: COLINBARROW-PC | User Name: Colin Barrow | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27C27ED8-E63E-4F65-9AC4-FE58685DFC41}" = rport=138 | protocol=17 | dir=out | app=system |
"{30CDCE33-4608-461B-BE4F-155BCF2E371C}" = lport=445 | protocol=6 | dir=in | app=system |
"{40A6A584-C76C-4F58-B6D7-61C0E6768C8A}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |
"{462641C6-14C0-4D88-9624-10F6E1E4D59D}" = rport=139 | protocol=6 | dir=out | app=system |
"{4647A1BD-1028-4233-A68B-663583CEA5BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4E07A65A-F12C-4605-B500-D3DB9283A4FD}" = rport=445 | protocol=6 | dir=out | app=system |
"{6BDDCB9B-9720-4126-BE7C-C8931C3A2468}" = lport=139 | protocol=6 | dir=in | app=system |
"{7A51B57E-A5B5-43B3-A79F-72908FFDBC5D}" = rport=137 | protocol=17 | dir=out | app=system |
"{7F52D427-452C-4A1F-B0BB-A7026AB5E488}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A2CA5E70-0F0C-4004-B98C-6F2D2FE7BB4B}" = lport=138 | protocol=17 | dir=in | app=system |
"{AB0A05B0-1928-4659-92D0-D82CED27C96A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{C728F0D9-5DDE-44F9-866D-2F327708A466}" = lport=137 | protocol=17 | dir=in | app=system |
"{CDD86235-18B6-4306-8AD5-DDB6532FC936}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D389B441-92B4-4C78-8D73-2B82868B95BE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{129105CC-EA22-42FE-80DE-7D319404D3C7}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{2E01BD17-B2C9-4CB4-91AF-E59DC0FB891F}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{3FE63D72-BAF2-41E1-AB74-FF9A9A9C2016}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{476F4266-F3F8-4027-A8A2-608A4BA937A7}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero mediahome 4\nmmediaserverservice.exe |
"{5A744476-BC04-424E-B5D7-7F0F1ADFFCCF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5EAD3531-350C-4C10-8D28-76E2263E8D50}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{60A633A0-1B5B-4959-8A13-CB65F62DE092}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6D3A5C1A-F455-4036-8916-EA39EA820CD6}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero mediahome 4\nmmediaserverservice.exe |
"{6EB891D9-B0DD-4162-9BE7-B06C61A994E5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{7FA4ED53-2AE5-4434-A3C9-2E48CC526ED4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{805BAE2C-EB47-44D8-B04F-87CC54E87482}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8A02B0D3-3687-4609-AAA5-C120680EAFE6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{922ABC7D-5BC8-4534-B035-4D18FE6E1B6C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{94B480AE-AF0B-4F69-8F78-EB48D8FE7830}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{A067DE20-1ABB-4979-BCCB-CA5C90458589}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{CB3FE38F-B3A4-43AE-A9D5-E57AC35D02CC}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{CBFADCE1-8BB3-4EEF-95D1-E4D26E65CB17}" = dir=in | app=c:\program files\belkin\belkin usb print and storage center\connect.exe |
"{D2AD800D-1BFF-45A8-AC74-5F7F470BB1EE}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{E976C56B-3FEA-476C-A6BF-9FFA1A263871}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center
"{E8A34AC8-0137-4515-A94B-0A0946DDC251}" = Scan To
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Belkin USB Print and Storage Center" = Belkin USB Print and Storage Center
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"HP LaserJet Professional M1130-M1210 MFP Series" = HP LaserJet Professional M1130-M1210 MFP Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppM1130M1210SeriesLaserJetService
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{43C423D9-E6D6-4607-ADC9-EBB54F690C57}" = Seagate Dashboard 2.0
"{69fc3b9a-4149-43db-a557-6ed0c8d8ba44}" = Nero MediaHome 4 Help
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{99ef387e-633e-4cfb-bfa3-ab961b685ddf}" = Nero MediaHome 4
"{9ea84b29-cfd2-424e-ba82-6d74a9b9efe6}" = Nero MediaHome 4 Essentials
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{DA6CC3A5-1F5B-4068-8BFF-C597BB6B8158}" = hppusgM1130M1210Series
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AI RoboForm" = RoboForm 7-8-3-5 (All Users)
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"ENTERPRISE" = Microsoft Office Enterprise 2007
"NIS" = Norton Internet Security
"Norton Utilities 15_is1" = Norton Utilities 15
"uTorrent" = µTorrent
"Video Mover_is1" = Video Mover

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 07/10/2012 14:38:37 | Computer Name = ColinBarrow-PC | Source = ESENT | ID = 474
Description = wuaueng.dll (1020) SUS20ClientDataStore: The database page read from
the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 76021760
(0x0000000004880000) (database page 2319 (0x90F)) for 32768 (0x00008000) bytes
failed verification due to a page checksum mismatch. The expected checksum was
[edb4edb48cf93855:c096c0968edc091c:dc5d23a2de2e0904:5a1f5a1f7fa90931] and the actual
checksum was [edb4edb4e0f95455:c096c0968edc091c:b05d4fa2de2e0904:5a1f5a1f7fa90931].
The read operation will fail with error -1018 (0xfffffc06). If this condition
persists then please restore the database from a previous backup. This problem
is likely due to faulty hardware. Please contact your hardware vendor for further
assistance diagnosing the problem.

Error - 07/10/2012 14:45:32 | Computer Name = ColinBarrow-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ccSvcHst.exe, version: 11.2.3.6, time stamp:
0x4fdbcf1d Faulting module name: DefUtDCD.dll, version: 4.5.3.2, time stamp: 0x4fc69714
Exception
code: 0xc0000409 Fault offset: 0x00017e1a Faulting process id: 0xa68 Faulting application
start time: 0x01cda4ba6969c9e4 Faulting application path: C:\Program Files (x86)\Norton
Internet Security\Engine\19.9.0.9\ccSvcHst.exe Faulting module path: C:\Program
Files (x86)\Norton Internet Security\Engine\19.9.0.9\DefUtDCD.dll Report Id: 2c1c1875-10af-11e2-bf7d-0019d105a542

Error - 07/10/2012 15:00:16 | Computer Name = ColinBarrow-PC | Source = DiskDoctorService | ID = 0
Description =

Error - 08/10/2012 02:22:24 | Computer Name = ColinBarrow-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 08/10/2012 02:22:59 | Computer Name = ColinBarrow-PC | Source = ESENT | ID = 455
Description = Windows (1556) Windows: Error -1811 occurred while opening logfile
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00082.log.

Error - 08/10/2012 02:23:11 | Computer Name = ColinBarrow-PC | Source = Windows Search Service | ID = 9000
Description =

Error - 08/10/2012 02:23:11 | Computer Name = ColinBarrow-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 08/10/2012 02:23:11 | Computer Name = ColinBarrow-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 08/10/2012 02:23:11 | Computer Name = ColinBarrow-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 08/10/2012 02:23:11 | Computer Name = ColinBarrow-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 08/10/2012 02:23:11 | Computer Name = ColinBarrow-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 08/10/2012 02:23:11 | Computer Name = ColinBarrow-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 08/10/2012 02:23:11 | Computer Name = ColinBarrow-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 08/10/2012 02:23:11 | Computer Name = ColinBarrow-PC | Source = Windows Search Service | ID = 7010
Description =

[ System Events ]
Error - 07/10/2012 13:56:08 | Computer Name = ColinBarrow-PC | Source = Service Control Manager | ID = 7034
Description = The Shell Hardware Detection service terminated unexpectedly. It
has done this 12 time(s).

Error - 07/10/2012 13:57:45 | Computer Name = ColinBarrow-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Seagate
Dashboard Services service to connect.

Error - 07/10/2012 13:58:53 | Computer Name = ColinBarrow-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 07/10/2012 14:05:05 | Computer Name = ColinBarrow-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 07/10/2012 14:21:35 | Computer Name = ColinBarrow-PC | Source = Service Control Manager | ID = 7031
Description = The Norton Internet Security service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.

Error - 07/10/2012 14:32:35 | Computer Name = ColinBarrow-PC | Source = Service Control Manager | ID = 7031
Description = The Norton Internet Security service terminated unexpectedly. It
has done this 2 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.

Error - 07/10/2012 14:38:37 | Computer Name = ColinBarrow-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80073712: Windows 7 Service Pack 1 for x64-based Systems (KB976932).

Error - 07/10/2012 14:45:36 | Computer Name = ColinBarrow-PC | Source = Service Control Manager | ID = 7034
Description = The Norton Internet Security service terminated unexpectedly. It
has done this 3 time(s).

Error - 08/10/2012 02:23:12 | Computer Name = ColinBarrow-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 08/10/2012 02:23:12 | Computer Name = ColinBarrow-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.


< End of report >

#7 Noviciate (Malware Response Team)

Posted 08 October 2012 - 03:05 PM

Good evening. :)

Click the "Windows" icon in the bottom left hand corner.
Select Control Panel.
Select System.
Select Advanced system settings on the left hand side.
Under Startup and Recovery click the Settings... button.
Under System failure ensure that Automatic restart is unchecked.

Under Write debugging information ensure that Kernel memory dump is selected.
The location of this dump file should be listed underneath - mine is %SystemRoot%\MEMORY.DMP.

Click OK and close any open windows that are left.

I want you to use the PC until it crashes again. The blue screen should remain and there should be some information at the bottom, under Technical information:.
Please copy that down before you reboot the PC and let me have it in your next reply.
Also, take a look for the dump file that should have been written to the location above - in my case this is C:\Windows\MEMORY.DMP. Please attach the .dmp file if you can find it, which may need to be zipped up first if the board won't accept it unzipped.

So long, and thanks for all the fish.

#8 colb2002 (Topic Starter)

Posted 10 October 2012 - 05:30 AM

technical info

*** STOP: 0x00000018 (0x0000000000000000, 0xFFFFFA80073C6290, 0X00000000000000002, 0XFFFFFFFFFFFFFFFF)

I can't zip the dmp file; access is denied.

#9 Noviciate (Malware Response Team)

Posted 10 October 2012 - 02:30 PM

Good evening. :)

Please attach the .dmp file if you can find it, which may need to be zipped up first if the board won't accept it unzipped.

Did you try to attach it after zipping it?

So long, and thanks for all the fish.

#10 colb2002 (Topic Starter)

Posted 10 October 2012 - 11:58 PM

I managed to zip the dmp file but it's 250MB so I can't attach it here. What should I do? The unzipped file is 1GB in size.

#11 Noviciate (Malware Response Team)

Posted 11 October 2012 - 02:09 PM

Good evening. :)

We'll pass on that idea then.

Follow the instructions above again, but this time under Write debugging information select Small memory dump (56KB). Delete the MEMORY.DMP file and wait for the next crash and then post the new .dmp file which should be manageable now.

So long, and thanks for all the fish.
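
The dump settings requested in posts #7 and #11 can also be confirmed from PowerShell before waiting for the next crash. This is an added example, not part of the original thread: the function name Get-CrashDumpSetting is hypothetical, and it reads (never writes) the CrashControl registry values that sit behind the Startup and Recovery dialog.

```powershell
# Added example (not from the thread): read-only check of the crash-dump
# settings behind Control Panel > System > Advanced > Startup and Recovery.
function Get-CrashDumpSetting {
    param(
        # Dump type the helper asked for:
        # 2 = Kernel memory dump (post #7), 3 = Small memory dump (post #11)
        [ValidateRange(2, 3)]
        [int]$ExpectedDumpType = 3
    )

    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    $cc  = Get-ItemProperty -Path $key -ErrorAction Stop

    # CrashDumpEnabled values used by Windows
    $names = @{
        0 = 'None'
        1 = 'Complete memory dump'
        2 = 'Kernel memory dump'
        3 = 'Small memory dump'
        7 = 'Automatic memory dump'
    }
    $type     = [int]$cc.CrashDumpEnabled
    $typeName = if ($names.ContainsKey($type)) { $names[$type] } else { "Unknown ($type)" }

    # Both paths are stored with %SystemRoot% in them; expand before use.
    $dumpFile = [Environment]::ExpandEnvironmentVariables([string]$cc.DumpFile)
    $miniDir  = [Environment]::ExpandEnvironmentVariables([string]$cc.MinidumpDir)

    # Collect whatever dump files already exist so stale ones are easy to spot.
    $found = @()
    if ($dumpFile -and (Test-Path -Path $dumpFile)) {
        $found += Get-Item -Path $dumpFile -Force -ErrorAction SilentlyContinue
    }
    if ($miniDir -and (Test-Path -Path $miniDir)) {
        $found += Get-ChildItem -Path $miniDir -Filter '*.dmp' -Force -ErrorAction SilentlyContinue
    }

    New-Object PSObject -Property @{
        AutoRestartDisabled = ([int]$cc.AutoReboot -eq 0)      # "Automatic restart" unchecked
        DumpType            = $typeName
        DumpTypeMatches     = ($type -eq $ExpectedDumpType)
        DumpFile            = $dumpFile
        MinidumpDir         = $miniDir
        ExistingDumps       = $found
    }
}

$report = Get-CrashDumpSetting -ExpectedDumpType 3

if (-not $report.AutoRestartDisabled) {
    Write-Warning 'Automatic restart is still enabled; the blue screen will not stay on screen.'
}
if (-not $report.DumpTypeMatches) {
    Write-Warning "Dump type is '$($report.DumpType)', not the one requested."
}

"Dump type   : $($report.DumpType)"
"Kernel dump : $($report.DumpFile)"
"Minidumps   : $($report.MinidumpDir)"

# Size and timestamp show whether a file is from the latest crash and
# whether it is small enough to attach to a forum post.
$report.ExistingDumps |
    Sort-Object LastWriteTime -Descending |
    Select-Object FullName, LastWriteTime, @{ Name = 'SizeMB'; Expression = { [math]::Round($_.Length / 1MB, 2) } } |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the dump locations under C:\Windows can be listed.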

 

 


#12 colb2002 (Topic Starter)

Posted 12 October 2012 - 06:34 AM

Write debugging information


Attached File: 101212-26488-01.zip (31.02KB, 0 downloads)
Attached File: 101212-61308-01.zip (21.17KB, 1 downloads)

#13 Noviciate (Malware Response Team)

Posted 12 October 2012 - 04:58 PM

Good evening. :)

Did the blue screens occur immediately after reinstalling Windows or did you install other software first?

So long, and thanks for all the fish.

#14 colb2002 (Topic Starter)

Posted 12 October 2012 - 09:54 PM

After installing Windows I immediately installed programs as I normally do, so it's hard to say which it would be, but when I put a CD in and install something it couldn't find certain installation files; even on the Windows DVD it didn't like it.

#15 Noviciate (Malware Response Team)

Posted 13 October 2012 - 01:31 PM

Good evening. :)

We'll take a look at the installation and see if that has issues. I'd like you to follow the steps in Option 2 - "3. To Only Verify if the System Files are Corrupted" found here.
Let me know if it reports all as OK, as the image in 4 shows and we'll take it from there.

So long, and thanks for all the fish.