
Virus in CCleaner?


geegees


Hi,

 

I've recently downloaded CCleaner onto my computer. I use the free version of Avast antivirus (all up to date) and the boot time scan is picking up a virus associated with CCleaner:

 

File Name: C:\Program Files\CCleaner\Registry Reviver.msi|>Data1.cab|>_80A03ECA3D3920DA204B8DAFC8F1B471

 

The severity is low, status is: PUP:Win32:SlowPCfighter[PUP]

 

What exactly does this mean and what, if any, action do I need to take?

 

Thanks!


It could be a false positive but I've never seen Registry Reviver.msi file before in my CCleaner directory. Did you download CCleaner from Piriform or another site?


I just googled "Registry Reviser" and this is what I got: http://www.filecluster.com/Antivirus-Report/Registry-Reviver.html

 

If you haven't downloaded any such software, the fact that it ended up in the CCleaner folder seems suspicious!

I recommend you run a virus scan and remove this, and even though CNET is a reputable site, you might as well download via Piriform or FileHippo.

 

Piriform

FileHippo

 

EDIT: use MalwareBytes' Anti-Malware to remove this. It IS a trojan. http://www.malwarebytes.org/

Simplicity is hard.


Thanks again! I downloaded MalwareBytes' Anti-Malware and ran it. It didn't pick up anything, but I uninstalled CCleaner anyway and reinstalled it from the Piriform website. I have rerun MalwareBytes' Anti-Malware check again (all clear again) and ran an Avast boot time scan, which also picked up nothing, so hopefully all is clear!

 

Andavari, would you still recommend I go through the process described in the link you posted?

 

Thanks!


The fact that you have run MBAM and Avast and picked up nothing should mean that your PC is clean, typically.

Although, if you think something is out of place or your computer isn't acting the way it should, you might as well go through the process 'cause it's better to be safe than sorry, eh?

Simplicity is hard.


  • Moderators

Andavari, would you still recommend I go through the process described in the link you posted?

It's up to you, but personally if it were my PC I would go through it just to make sure something isn't hidden. Also some of those specialty tools can undo damage -- that is if there's any.


  • 2 weeks later...

Thanks, I have gone through the checklist and have pasted the reports below. Can I uninstall everything I downloaded as a result of following the procedures list (ERUNT, OTM, Rooter etc.)?

 

I've also been getting loads of warnings and errors in Event Viewer. I have pasted all of today's errors below in case they show anything useful.

 

Log Name:      System
Source:        Microsoft-Windows-Dhcp-Client
Date:          6/03/2011 12:47:01 p.m.
Event ID:      1002
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Hutchinson-PC
Description:
The IP address lease 192.168.1.2 for the Network Card with network address 0024212FAC90 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System>
   <Provider Name="Microsoft-Windows-Dhcp-Client" Guid="{15A7A4F8-0072-4EAB-ABAD-F98A4D666AED}" EventSourceName="Dhcp" />
   <EventID Qualifiers="0">1002</EventID>
   <Version>0</Version>
   <Level>2</Level>
   <Task>0</Task>
   <Opcode>0</Opcode>
   <Keywords>0x80000000000000</Keywords>
   <TimeCreated SystemTime="2011-03-05T23:47:01.000Z" />
   <EventRecordID>170825</EventRecordID>
   <Correlation />
   <Execution ProcessID="0" ThreadID="0" />
   <Channel>System</Channel>
   <Computer>Hutchinson-PC</Computer>
   <Security />
 </System>
 <EventData>
   <Data>192.168.1.2</Data>
   <Data>0024212FAC90</Data>
   <Data>192.168.1.1</Data>
 </EventData>
</Event>

Log Name:      Application
Source:        Microsoft-Windows-Perflib
Date:          6/03/2011 2:35:13 p.m.
Event ID:      1010
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Hutchinson-PC
Description:
The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System>
   <Provider Name="Microsoft-Windows-Perflib" Guid="{13B197BD-7CEE-4B4E-8DD0-59314CE374CE}" EventSourceName="Perflib" />
   <EventID Qualifiers="49152">1010</EventID>
   <Version>0</Version>
   <Level>2</Level>
   <Task>0</Task>
   <Opcode>0</Opcode>
   <Keywords>0x80000000000000</Keywords>
   <TimeCreated SystemTime="2011-03-06T01:35:13.000Z" />
   <EventRecordID>32155</EventRecordID>
   <Correlation />
   <Execution ProcessID="0" ThreadID="0" />
   <Channel>Application</Channel>
   <Computer>Hutchinson-PC</Computer>
   <Security />
 </System>
 <UserData>
   <EventXML xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="Perflib">
     <param1>EmdCache</param1>
     <param2>C:\Windows\system32\emdmgmt.dll</param2>
     <binaryDataSize>4</binaryDataSize>
     <binaryData>8F040000</binaryData>
   </EventXML>
 </UserData>
</Event>

Log Name:      System
Source:        Service Control Manager
Date:          6/03/2011 1:56:18 p.m.
Event ID:      7043
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Hutchinson-PC
Description:
The Group Policy Client service did not shut down properly after receiving a preshutdown control.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System>
   <Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
   <EventID Qualifiers="49152">7043</EventID>
   <Version>0</Version>
   <Level>2</Level>
   <Task>0</Task>
   <Opcode>0</Opcode>
   <Keywords>0x80000000000000</Keywords>
   <TimeCreated SystemTime="2011-03-06T00:56:18.000Z" />
   <EventRecordID>171198</EventRecordID>
   <Correlation />
   <Execution ProcessID="0" ThreadID="0" />
   <Channel>System</Channel>
   <Computer>Hutchinson-PC</Computer>
   <Security />
 </System>
 <EventData>
   <Data Name="param1">Group Policy Client</Data>
 </EventData>
</Event>

Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          6/03/2011 1:46:24 p.m.
Event ID:      10010
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Hutchinson-PC
Description:
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System>
   <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
   <EventID Qualifiers="49152">10010</EventID>
   <Version>0</Version>
   <Level>2</Level>
   <Task>0</Task>
   <Opcode>0</Opcode>
   <Keywords>0x80000000000000</Keywords>
   <TimeCreated SystemTime="2011-03-06T00:46:24.000Z" />
   <EventRecordID>171087</EventRecordID>
   <Correlation />
   <Execution ProcessID="0" ThreadID="0" />
   <Channel>System</Channel>
   <Computer>Hutchinson-PC</Computer>
   <Security />
 </System>
 <EventData>
   <Data Name="param1">{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}</Data>
 </EventData>
</Event>

Log Name:      System
Source:        Microsoft-Windows-Dhcp-Client
Date:          6/03/2011 1:06:17 p.m.
Event ID:      1002
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Hutchinson-PC
Description:
The IP address lease 192.168.1.2 for the Network Card with network address 0024212FAC90 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System>
   <Provider Name="Microsoft-Windows-Dhcp-Client" Guid="{15A7A4F8-0072-4EAB-ABAD-F98A4D666AED}" EventSourceName="Dhcp" />
   <EventID Qualifiers="0">1002</EventID>
   <Version>0</Version>
   <Level>2</Level>
   <Task>0</Task>
   <Opcode>0</Opcode>
   <Keywords>0x80000000000000</Keywords>
   <TimeCreated SystemTime="2011-03-06T00:06:17.000Z" />
   <EventRecordID>170888</EventRecordID>
   <Correlation />
   <Execution ProcessID="0" ThreadID="0" />
   <Channel>System</Channel>
   <Computer>Hutchinson-PC</Computer>
   <Security />
 </System>
 <EventData>
   <Data>192.168.1.2</Data>
   <Data>0024212FAC90</Data>
   <Data>192.168.1.1</Data>
 </EventData>
</Event>

Log Name:      Application
Source:        System Restore
Date:          6/03/2011 1:05:12 p.m.
Event ID:      8193
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Hutchinson-PC
Description:
Failed to create restore point on volume (Process = C:\Program Files\Alwil Software\Avast5\setup\avast.setup Files\Alwil Software\Avast5\setup\avast.setup"  /uninstwiz ; Descripton = avast! Free Antivirus Setup; Hr = 0x8007043c).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System>
   <Provider Name="System Restore" />
   <EventID Qualifiers="0">8193</EventID>
   <Level>2</Level>
   <Task>0</Task>
   <Keywords>0x80000000000000</Keywords>
   <TimeCreated SystemTime="2011-03-06T00:05:12.000Z" />
   <EventRecordID>32009</EventRecordID>
   <Channel>Application</Channel>
   <Computer>Hutchinson-PC</Computer>
   <Security />
 </System>
 <EventData>
   <Data>C:\Program Files\Alwil Software\Avast5\setup\avast.setup Files\Alwil Software\Avast5\setup\avast.setup"  /uninstwiz </Data>
   <Data>avast! Free Antivirus Setup</Data>
   <Data>0x8007043c</Data>
   <Binary>3C04078002020000D60100000000000032CA19E58CAF4DCB010000000000000000000000</Binary>
 </EventData>
</Event>

Log Name:      System
Source:        Service Control Manager
Date:          6/03/2011 1:04:29 p.m.
Event ID:      7001
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Hutchinson-PC
Description:
The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System>
   <Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
   <EventID Qualifiers="49152">7001</EventID>
   <Version>0</Version>
   <Level>2</Level>
   <Task>0</Task>
   <Opcode>0</Opcode>
   <Keywords>0x80000000000000</Keywords>
   <TimeCreated SystemTime="2011-03-06T00:04:29.000Z" />
   <EventRecordID>170860</EventRecordID>
   <Correlation />
   <Execution ProcessID="0" ThreadID="0" />
   <Channel>System</Channel>
   <Computer>Hutchinson-PC</Computer>
   <Security />
 </System>
 <EventData>
   <Data Name="param1">Computer Browser</Data>
   <Data Name="param2">Server</Data>
   <Data Name="param3">%%1068</Data>
 </EventData>
</Event>

Log Name:      System
Source:        EventLog
Date:          6/03/2011 1:02:54 p.m.
Event ID:      6008
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Hutchinson-PC
Description:
The previous system shutdown at 12:46:55 p.m. on 6/03/2011 was unexpected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System>
   <Provider Name="EventLog" />
   <EventID Qualifiers="32768">6008</EventID>
   <Level>2</Level>
   <Task>0</Task>
   <Keywords>0x80000000000000</Keywords>
   <TimeCreated SystemTime="2011-03-06T00:02:54.000Z" />
   <EventRecordID>170832</EventRecordID>
   <Channel>System</Channel>
   <Computer>Hutchinson-PC</Computer>
   <Security />
 </System>
 <EventData>
   <Data>12:46:55 p.m.</Data>
   <Data>6/03/2011</Data>
   <Data>
   </Data>
   <Data>
   </Data>
   <Data>20</Data>
   <Data>
   </Data>
   <Data>
   </Data>
   <Binary>DB070300000006000C002E0037009501DB0703000600050017002E00370095013C0000003C000000000000000000000000000000000000000100000000000000</Binary>
 </EventData>
</Event>

Log Name:      Security
Source:        Microsoft-Windows-Eventlog
Date:          6/03/2011 1:02:59 p.m.
Event ID:      1101
Task Category: Event processing
Level:         Error
Keywords:      Audit Success
User:          N/A
Computer:      Hutchinson-PC
Description:
Audit events have been dropped by the transport.  The real time backup file was corrupt due to improper shutdown.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System>
   <Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
   <EventID>1101</EventID>
   <Version>0</Version>
   <Level>2</Level>
   <Task>101</Task>
   <Opcode>0</Opcode>
   <Keywords>0x4020000000000000</Keywords>
   <TimeCreated SystemTime="2011-03-06T00:02:59.904Z" />
   <EventRecordID>61916</EventRecordID>
   <Correlation />
   <Execution ProcessID="928" ThreadID="1464" />
   <Channel>Security</Channel>
   <Computer>Hutchinson-PC</Computer>
   <Security />
 </System>
 <UserData>
   <AuditEventsDropped xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
     <Reason>34</Reason>
   </AuditEventsDropped>
 </UserData>
</Event>

Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          6/03/2011 1:03:00 p.m.
Event ID:      10005
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Hutchinson-PC
Description:
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System>
   <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
   <EventID Qualifiers="49152">10005</EventID>
   <Version>0</Version>
   <Level>2</Level>
   <Task>0</Task>
   <Opcode>0</Opcode>
   <Keywords>0x80000000000000</Keywords>
   <TimeCreated SystemTime="2011-03-06T00:03:00.000Z" />
   <EventRecordID>170837</EventRecordID>
   <Correlation />
   <Execution ProcessID="0" ThreadID="0" />
   <Channel>System</Channel>
   <Computer>Hutchinson-PC</Computer>
   <Security />
 </System>
 <EventData>
   <Data Name="param1">1084</Data>
   <Data Name="param2">ShellHWDetection</Data>
   <Data Name="param3">
   </Data>
   <Data Name="param4">{DD522ACC-F821-461A-A407-50B198B896DC}</Data>
 </EventData>
</Event>

Log Name:      Application
Source:        Microsoft-Windows-EventSystem
Date:          6/03/2011 1:03:07 p.m.
Event ID:      4609
Task Category: Event System
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Hutchinson-PC
Description:
The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System>
   <Provider Name="Microsoft-Windows-EventSystem" Guid="{899daace-4868-4295-afcd-9eb8fb497561}" EventSourceName="EventSystem" />
   <EventID Qualifiers="49152">4609</EventID>
   <Version>0</Version>
   <Level>2</Level>
   <Task>16</Task>
   <Opcode>0</Opcode>
   <Keywords>0x80000000000000</Keywords>
   <TimeCreated SystemTime="2011-03-06T00:03:07.000Z" />
   <EventRecordID>32006</EventRecordID>
   <Correlation />
   <Execution ProcessID="0" ThreadID="0" />
   <Channel>Application</Channel>
   <Computer>Hutchinson-PC</Computer>
   <Security />
 </System>
 <EventData>
   <Data Name="param1">d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp</Data>
   <Data Name="param2">45</Data>
   <Data Name="param3">8007043c</Data>
 </EventData>
</Event>

Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          6/03/2011 1:03:07 p.m.
Event ID:      10005
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Hutchinson-PC
Description:
DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System>
   <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
   <EventID Qualifiers="49152">10005</EventID>
   <Version>0</Version>
   <Level>2</Level>
   <Task>0</Task>
   <Opcode>0</Opcode>
   <Keywords>0x80000000000000</Keywords>
   <TimeCreated SystemTime="2011-03-06T00:03:07.000Z" />
   <EventRecordID>170838</EventRecordID>
   <Correlation />
   <Execution ProcessID="0" ThreadID="0" />
   <Channel>System</Channel>
   <Computer>Hutchinson-PC</Computer>
   <Security />
 </System>
 <EventData>
   <Data Name="param1">1084</Data>
   <Data Name="param2">EventSystem</Data>
   <Data Name="param3">
   </Data>
   <Data Name="param4">{1BE1F766-5536-11D1-B726-00C04FB926AF}</Data>
 </EventData>
</Event>

Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          6/03/2011 1:03:08 p.m.
Event ID:      10005
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Hutchinson-PC
Description:
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System>
   <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
   <EventID Qualifiers="49152">10005</EventID>
   <Version>0</Version>
   <Level>2</Level>
   <Task>0</Task>
   <Opcode>0</Opcode>
   <Keywords>0x80000000000000</Keywords>
   <TimeCreated SystemTime="2011-03-06T00:03:08.000Z" />
   <EventRecordID>170840</EventRecordID>
   <Correlation />
   <Execution ProcessID="0" ThreadID="0" />
   <Channel>System</Channel>
   <Computer>Hutchinson-PC</Computer>
   <Security />
 </System>
 <EventData>
   <Data Name="param1">1084</Data>
   <Data Name="param2">WSearch</Data>
   <Data Name="param3">
   </Data>
   <Data Name="param4">{9E175B6D-F52A-11D8-B9A5-505054503030}</Data>
 </EventData>
</Event>

Log Name:      System
Source:        Service Control Manager
Date:          6/03/2011 1:04:29 p.m.
Event ID:      7026
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Hutchinson-PC
Description:
The following boot-start or system-start driver(s) failed to load: 
aswSnx
aswSP
aswTdi
spldr
TfFsMon
TfSysMon
Wanarpv6
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System>
   <Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
   <EventID Qualifiers="49152">7026</EventID>
   <Version>0</Version>
   <Level>2</Level>
   <Task>0</Task>
   <Opcode>0</Opcode>
   <Keywords>0x80000000000000</Keywords>
   <TimeCreated SystemTime="2011-03-06T00:04:29.000Z" />
   <EventRecordID>170869</EventRecordID>
   <Correlation />
   <Execution ProcessID="0" ThreadID="0" />
   <Channel>System</Channel>
   <Computer>Hutchinson-PC</Computer>
   <Security />
 </System>
 <EventData>
   <Data Name="param1">
aswSnx
aswSP
aswTdi
spldr
TfFsMon
TfSysMon
Wanarpv6</Data>
 </EventData>
</Event>

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5908

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

6/03/2011 2:02:11 p.m.
mbam-log-2011-03-06 (14-02-11).txt

Scan type: Quick scan
Objects scanned: 141137
Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Artellos
Windows Validation Check
Version: 1.9.11.5
Log Created On: 1407_06-03-2011
-----------------------

Windows Information
-----------------------
Windows Version: Windows Vista Service Pack 2 
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2011-03-06 00:12:27
Last Success Time for Update Download: 2011-03-04 22:40:51
Last Success Time for Update Installation: 2011-03-04 22:41:41


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 12288 bytes
Creation; 14/6/2009 11:45:54
Modification; 11/4/2009 18:28:24
MD5; da887f28054d78ee8637bebb924a2db5
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6001.18000_none_4e4769e7f9aab897\slwga.dll
Size: 12288 bytes
Creation; 21/1/2008 15:34:50
Modification; 21/1/2008 15:34:50
MD5; 7269a928bc18dafbddcffb96b6e987f1
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6002.18005_none_5032e2f3f6cc83e3\slwga.dll
Size: 12288 bytes
Creation; 14/6/2009 11:45:54
Modification; 11/4/2009 18:28:24
MD5; da887f28054d78ee8637bebb924a2db5
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 75510147b94598407666f4802797c75a


-------- End of File, program close at 1409_06-03-2011 --------

Rooter
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista Home Edition (6.0.6002) Service Pack 2
[32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Disabled !
.
Internet Explorer 8.0.6001.19019
.
C:\  [Fixed-NTFS] .. ( Total:139 Go - Free:96 Go )
D:\  [Fixed-NTFS] .. ( Total:9 Go - Free:1 Go )
E:\  [CD_Rom]
F:\  [Removable]
G:\  [Removable]
H:\  [Removable]
I:\  [Removable]
.
Scan : 14:15.27
Path : C:\Users\Hutchinson\Desktop\Rooter.exe
User : Hutchinson ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [system Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (432)
______ C:\Windows\system32\csrss.exe (552)
______ C:\Windows\system32\wininit.exe (596)
______ C:\Windows\system32\csrss.exe (604)
______ C:\Windows\system32\services.exe (640)
______ C:\Windows\system32\lsass.exe (652)
______ C:\Windows\system32\lsm.exe (660)
______ C:\Windows\system32\winlogon.exe (708)
______ C:\Windows\system32\svchost.exe (864)
______ C:\Windows\system32\svchost.exe (924)
______ C:\Windows\System32\svchost.exe (960)
______ C:\Windows\System32\svchost.exe (1068)
______ C:\Windows\System32\svchost.exe (1124)
______ C:\Windows\system32\svchost.exe (1136)
Locked audiodg.exe (1216)
______ C:\Windows\system32\svchost.exe (1240)
______ C:\Windows\system32\SLsvc.exe (1260)
______ C:\Windows\system32\svchost.exe (1320)
______ C:\Windows\system32\svchost.exe (1504)
______ C:\Windows\System32\spoolsv.exe (1800)
______ C:\Windows\system32\Dwm.exe (1812)
______ C:\Windows\system32\svchost.exe (1856)
______ C:\Windows\system32\taskeng.exe (1864)
______ C:\Windows\Explorer.EXE (1892)
______ C:\Program Files\Windows Defender\MSASCui.exe (748)
______ C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (656)
______ C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (1204)
______ C:\Windows\System32\hkcmd.exe (1308)
______ C:\Windows\System32\igfxpers.exe (1408)
______ C:\Windows\system32\igfxsrvc.exe (1620)
______ C:\Program Files\LSI SoftModem\agrsmsvc.exe (1356)
______ C:\Program Files\Common Files\LightScribe\LSSrvc.exe (1680)
______ C:\Windows\System32\svchost.exe (1276)
______ C:\Windows\System32\svchost.exe (2072)
______ C:\Windows\system32\svchost.exe (2088)
______ C:\Windows\system32\svchost.exe (2112)
______ C:\Windows\System32\svchost.exe (2144)
______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2176)
______ C:\Windows\system32\SearchIndexer.exe (2264)
______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2400)
______ C:\Windows\system32\WUDFHost.exe (2568)
______ C:\Windows\system32\taskeng.exe (3948)
______ C:\Windows\System32\mobsync.exe (1224)
______ C:\Program Files\Hewlett-Packard\KBD\kbd.exe (3860)
______ C:\Windows\system32\svchost.exe (3548)
______ c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (3584)
______ C:\Windows\system32\wbem\wmiprvse.exe (2664)
______ C:\Program Files\Internet Explorer\iexplore.exe (3672)
______ C:\Program Files\Internet Explorer\iexplore.exe (1248)
______ C:\Windows\system32\taskeng.exe (1844)
______ C:\Users\Hutchinson\Desktop\Rooter.exe (832)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:149719417344)
\Device\Harddisk0\Partition2 (Start_Offset:149719449600 | Length:10319339520)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\HPCeeScheduleForHutchinson.job
C:\Windows\Tasks\PCDRScheduledMaintenance.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\User_Feed_Synchronization-{6FE0ED1B-02E4-4AE9-B848-7CC21FE3F5F8}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 14:15.28
.
C:\Rooter$\Rooter_1.txt - (06/03/2011 | 14:15.28)

Locksearch
LockSearch by jpshortstuff (05.11.09.1)
Log created at 14:20 on 06/03/2011 (Hutchinson)
Scanning C:\


C:\hiberfil.sys
-------------------------


C:\pagefile.sys
-------------------------

-=E.O.F=-

CKScanner
CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\hutchinson\favorites\other links\games and puzzles sudoku, crosswords, code cracker and wordsearch.url
scanner sequence 3.NA.11
----- EOF -----

GMER Rootkit Scanner
Nothing to report (GMER hasn't found any system modification)

OTL
OTL logfile created on: 6/03/2011 4:25:50 p.m. - Run 1
OTL by OldTimer - Version 3.2.22.2     Folder = C:\Users\Hutchinson\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.44 Gb Total Space | 96.34 Gb Free Space | 69.09% Space Free | Partition Type: NTFS
Drive D: | 9.61 Gb Total Space | 1.35 Gb Free Space | 14.08% Space Free | Partition Type: NTFS

Computer Name: HUTCHINSON-PC | User Name: Hutchinson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Hutchinson\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Hutchinson\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=92&bd=Presario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=92&bd=Presario&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=92&bd=Presario&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://nz.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.telstraclear.co.nz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/03/06 13:55:27 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://cg2.orrcom.co.nz/activex/AMC.cab (AxisMediaControlEmb Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hutchinson\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hutchinson\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 10:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/06 16:25:03 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Hutchinson\Desktop\OTL.exe
[2011/03/06 15:04:07 | 000,000,000 | ---D | C] -- C:\Users\Hutchinson\Desktop\Piriform
[2011/03/06 14:15:28 | 000,000,000 | ---D | C] -- C:\Rooter$
[2011/03/06 13:55:27 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/03/06 13:53:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/06 13:51:26 | 000,000,000 | ---D | C] -- C:\Users\Hutchinson\Documents\erunt[1]
[2011/03/05 00:02:18 | 000,000,000 | ---D | C] -- C:\Users\Hutchinson\Documents\Windows_NT6_BSOD_jcgriff2
[2011/03/04 12:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/03/04 12:02:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/04 12:01:25 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/03/04 12:01:25 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/03/04 12:01:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/03/04 12:01:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/03/04 12:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/03/04 11:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/03/02 13:32:45 | 000,000,000 | ---D | C] -- C:\Users\Hutchinson\AppData\Local\ElevatedDiagnostics
[2011/03/02 13:24:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2011/03/01 12:59:50 | 000,000,000 | ---D | C] -- C:\Users\Hutchinson\Documents\CCleaner Registry Backups
[2011/03/01 12:50:26 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/02/28 15:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\Axis Communications
[2011/02/24 10:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/02/24 10:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/02/23 23:26:09 | 000,000,000 | ---D | C] -- C:\Users\Hutchinson\AppData\Roaming\Malwarebytes
[2011/02/23 23:25:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/23 23:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/23 23:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/23 23:25:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/23 23:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/23 14:08:40 | 000,000,000 | ---D | C] -- C:\Users\Hutchinson\Documents\My muvees
[2011/02/23 14:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\muvee Technologies
[2011/02/23 14:08:08 | 000,000,000 | ---D | C] -- C:\Users\Hutchinson\AppData\Roaming\muvee Technologies
[2011/02/23 13:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2011/02/16 13:09:07 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/02/16 13:08:40 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/02/16 13:04:26 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/16 13:04:25 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/16 13:04:25 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/02/16 13:04:25 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/16 13:04:25 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/16 13:04:24 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/02/16 13:04:24 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/16 13:04:24 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/16 13:04:23 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/02/16 13:04:21 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/02/16 13:04:20 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/02/16 13:04:11 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/02/16 13:04:10 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/02/16 13:04:10 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/16 13:04:08 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/02/16 13:04:08 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/02/16 13:04:08 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/16 13:04:05 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/02/16 13:04:01 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/02/16 13:04:00 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/02/16 13:03:59 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/02/16 13:03:16 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/02/16 13:03:14 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/02/16 13:03:07 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/02/16 13:01:43 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/16 13:01:40 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/16 13:01:34 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/16 12:53:32 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/02/16 12:53:32 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/16 12:53:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/16 12:53:30 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/16 12:53:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/16 12:53:29 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/02/16 12:53:28 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/16 12:53:28 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/02/16 12:53:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/02/16 12:53:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/16 12:53:27 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/02/16 12:53:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/02/16 12:53:27 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/02/16 12:53:27 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/16 12:53:27 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/16 12:53:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/16 12:53:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/16 12:50:44 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/16 12:50:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

========== Files - Modified Within 30 Days ==========

[2011/03/06 16:25:07 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Hutchinson\Desktop\OTL.exe
[2011/03/06 16:22:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/06 14:02:57 | 000,624,444 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/06 14:02:57 | 000,117,304 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/06 13:57:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/06 13:57:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/06 13:57:41 | 2136,137,728 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/06 13:55:27 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/03/06 13:11:30 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6FE0ED1B-02E4-4AE9-B848-7CC21FE3F5F8}.job
[2011/03/05 00:21:52 | 002,068,065 | ---- | M] () -- C:\Users\Hutchinson\Documents\Reports.zip
[2011/03/05 00:18:16 | 002,356,876 | ---- | M] () -- C:\Users\Hutchinson\Documents\Reliability&PerformanceReport.html
[2011/03/04 12:05:04 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/03/04 12:00:56 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/03/04 12:00:56 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/03/04 12:00:56 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/03/04 12:00:56 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/03/02 12:37:38 | 000,006,000 | ---- | M] () -- C:\Users\Hutchinson\AppData\Local\d3d9caps.dat
[2011/02/24 10:49:46 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/24 00:50:54 | 000,011,264 | ---- | M] () -- C:\Users\Hutchinson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/23 23:25:53 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/16 14:33:31 | 000,000,944 | ---- | M] () -- C:\Users\Hutchinson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/02/16 14:21:33 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/02/16 14:12:36 | 000,393,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/03/06 13:06:13 | 2136,137,728 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/05 00:21:51 | 002,068,065 | ---- | C] () -- C:\Users\Hutchinson\Documents\Reports.zip
[2011/03/05 00:19:10 | 002,356,876 | ---- | C] () -- C:\Users\Hutchinson\Documents\Reliability&PerformanceReport.html
[2011/02/24 10:49:46 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/23 23:25:53 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/17 08:39:55 | 000,006,000 | ---- | C] () -- C:\Users\Hutchinson\AppData\Local\d3d9caps.dat
[2010/04/12 16:55:32 | 000,011,264 | ---- | C] () -- C:\Users\Hutchinson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/08/02 21:39:12 | 000,038,630 | ---- | C] () -- C:\Users\Hutchinson\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/08/02 21:29:54 | 000,009,334 | ---- | C] () -- C:\Users\Hutchinson\AppData\Roaming\Comma Separated Values (Windows).EML
[2009/08/02 20:16:36 | 000,038,291 | ---- | C] () -- C:\Users\Hutchinson\AppData\Roaming\Microsoft Excel.ADR
[2009/08/02 20:13:10 | 000,009,197 | ---- | C] () -- C:\Users\Hutchinson\AppData\Roaming\Microsoft Excel.EML
[2009/06/14 12:46:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/14 12:46:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/26 09:12:33 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/08 03:42:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/07 09:06:48 | 000,354,816 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2009/02/07 09:06:48 | 000,108,032 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2009/02/07 09:04:32 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2006/11/03 01:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/03 01:44:53 | 000,393,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 23:33:01 | 000,624,444 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 23:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 23:33:01 | 000,117,304 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 23:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 23:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 21:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 21:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 20:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 20:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Users\Hutchinson\AppData\Roaming\Microsoft Excel.EML:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\Hutchinson\AppData\Roaming\Comma Separated Values (Windows).EML:OECustomProperty
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:1CA73D29

< End of report >

OTL Extras logfile created on: 6/03/2011 4:25:50 p.m. - Run 1
OTL by OldTimer - Version 3.2.22.2     Folder = C:\Users\Hutchinson\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.44 Gb Total Space | 96.34 Gb Free Space | 69.09% Space Free | Partition Type: NTFS
Drive D: | 9.61 Gb Total Space | 1.35 Gb Free Space | 14.08% Space Free | Partition Type: NTFS

Computer Name: HUTCHINSON-PC | User Name: Hutchinson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4A976D11-7DB9-4DF8-8F43-72B56FEA45AB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E16949AC-1C2E-4BF3-B8FB-388673B9062E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026E00F2-8F1B-4B6A-8B1B-C01D178FECBA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{088E2EAC-48AC-466E-B6F3-431684526A89}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"{5FF385FD-173E-4A88-A37B-D40B464CFB7E}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{6667B7BD-E152-4A2C-BBC0-2AABD20EB978}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{7D8A7C93-D04B-4382-9070-510C24008E4C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A61608FA-73C9-474D-8109-91EE3177F366}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{DD205014-656F-4D03-8C42-389BC5143BE7}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{DF277414-F34F-44A7-A595-D5AC615C3E7C}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{B19EDF54-55F7-4401-8E09-8D73494FD1D9}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe | 
"UDP Query User{3A3210A0-6A4F-484D-83BB-313E4BFB0740}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe | 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{48BF4489-0C58-4E80-BB17-94A673CE310A}" = HP Demo
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}" = muvee Reveal
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1591139-8B44-411B-A81B-D35F83A0565A}" = HP Customer Experience Enhancements
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"CCleaner" = CCleaner
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"pywin32-py2.6" = Python 2.6 pywin32-212
"TVWiz" = Intel(R) TV Wizard
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/03/2011 4:33:05 p.m. | Computer Name = Hutchinson-PC | Source = WinMgmt | ID = 10
Description = 

Error - 3/03/2011 4:57:43 p.m. | Computer Name = Hutchinson-PC | Source = WinMgmt | ID = 10
Description = 

Error - 3/03/2011 5:06:47 p.m. | Computer Name = Hutchinson-PC | Source = EventSystem | ID = 4609
Description = 

Error - 3/03/2011 5:08:11 p.m. | Computer Name = Hutchinson-PC | Source = WinMgmt | ID = 10
Description = 

Error - 3/03/2011 5:41:22 p.m. | Computer Name = Hutchinson-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description = 

Error - 3/03/2011 5:43:09 p.m. | Computer Name = Hutchinson-PC | Source = WinMgmt | ID = 10
Description = 

Error - 3/03/2011 5:44:02 p.m. | Computer Name = Hutchinson-PC | Source = Windows Search Service | ID = 3013
Description = 

Error - 3/03/2011 5:44:02 p.m. | Computer Name = Hutchinson-PC | Source = Windows Search Service | ID = 3013
Description = 

Error - 3/03/2011 5:44:05 p.m. | Computer Name = Hutchinson-PC | Source = Windows Search Service | ID = 3013
Description = 

Error - 3/03/2011 5:44:05 p.m. | Computer Name = Hutchinson-PC | Source = Windows Search Service | ID = 3013
Description = 

[ OSession Events ]
Error - 16/03/2010 10:26:49 p.m. | Computer Name = Hutchinson-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 759 seconds with 360 seconds of active time.  This session ended with a crash.

[ System Events ]
Error - 5/03/2011 7:47:01 p.m. | Computer Name = Hutchinson-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0024212FAC90 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 5/03/2011 8:02:54 p.m. | Computer Name = Hutchinson-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:46:55 p.m. on 6/03/2011 was unexpected.

Error - 5/03/2011 8:03:00 p.m. | Computer Name = Hutchinson-PC | Source = DCOM | ID = 10005
Description = 

Error - 5/03/2011 8:03:07 p.m. | Computer Name = Hutchinson-PC | Source = DCOM | ID = 10005
Description = 

Error - 5/03/2011 8:03:08 p.m. | Computer Name = Hutchinson-PC | Source = DCOM | ID = 10005
Description = 

Error - 5/03/2011 8:04:29 p.m. | Computer Name = Hutchinson-PC | Source = Service Control Manager | ID = 7001
Description = 

Error - 5/03/2011 8:04:29 p.m. | Computer Name = Hutchinson-PC | Source = Service Control Manager | ID = 7026
Description = 

Error - 5/03/2011 8:06:17 p.m. | Computer Name = Hutchinson-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0024212FAC90 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 5/03/2011 8:46:24 p.m. | Computer Name = Hutchinson-PC | Source = DCOM | ID = 10010
Description = 

Error - 5/03/2011 8:56:18 p.m. | Computer Name = Hutchinson-PC | Source = Service Control Manager | ID = 7043
Description = 


< End of report >


  • Moderators

Advice on Malware is given in a different area of the forum.

If you still feel you need help please start a thread in the Spyware Hell area of the forum including a link to this thread here.

http://forum.piriform.com/index.php?showforum=12

I have put the info you posted into a code box as it was too long in this part of the forum.

Support contact

https://support.ccleaner.com/s/contact-form?language=en_US&form=general

or

support@ccleaner.com

 


  • 4 years later...

DO NOT USE CCLEANER ON PIRIFORM!!!! I downloaded it last week and since then my computer started running slower and slower. It got really bad so today I ran Malwarebytes and it said there was one or more viruses in it, so I uninstalled it and restarted my computer and my computer was back to normal.


  • Moderators

DO NOT USE CCLEANER ON PIRIFORM!!!! I downloaded it last week and since then my computer started running slower and slower. It got really bad so today I ran Malwarebytes and it said there was one or more viruses in it, so I uninstalled it and restarted my computer and my computer was back to normal.

 

Making allegations like that without facts to back it up doesn't help anyone.

First you say your computer started to run slow so you ran Malwarebytes which said you had viruses.

You uninstalled CCleaner and now all is well.

So nothing to do with having a virus then?

There are hundreds of thousands of people running CCleaner and if it had such a drastic effect believe me we would hear about it.

You didn't give any facts such as your operating system.

If you used the registry cleaner part.

If you had monitoring turned on.

We welcome posts on the forum about issues when using CCleaner, but they need to be backed up with facts and info, not just shouting "DO NOT USE CCLEANER ON PIRIFORM!!!!"

 
