Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
virus
Options
-
25-07-2013 8:31pm#1
Comments
-
-
-
OTL logfile created on: 25/07/2013 21:00:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\Elaine\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.75 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 66.05% Memory free
3.74 Gb Paging File | 2.82 Gb Available in Paging File | 75.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 202.38 Gb Free Space | 87.45% Space Free | Partition Type: NTFS
Drive
| 1.46 Gb Total Space | 1.43 Gb Free Space | 97.66% Space Free | Partition Type: NTFS
Computer Name: ELAINE-PC | User Name: Elaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/07/25 20:55:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\Users\Elaine\Downloads\OTL.exe
PRC - [2013/06/20 18:05:14 | 000,312,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/06/20 17:25:44 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/09/22 15:20:28 | 000,437,248 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Program Files\Realtek\RtkDashClientInstaller\RtkDashClient.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2008/06/03 03:35:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
========== Services (SafeList) ==========
SRV - [2013/07/23 18:32:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/20 18:05:14 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/11/16 17:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/11/04 03:37:58 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{03E88597-019C-40BC-A5B6-417EF0672F52}\MpKsle57d19c0.sys -- (MpKsle57d19c0)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/06/18 21:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/03/07 09:49:20 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2013/03/07 09:49:20 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/12/27 15:57:50 | 000,319,592 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2011/09/19 15:05:56 | 000,035,432 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtDashPt.sys -- (RtDashPt)
DRV - [2009/06/10 05:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2008/11/04 03:32:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.pur-esult.info/?pid=724&r=2013/07/12&hid=432214777&lg=EN&cc=IE
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.pur-esult.info/?l=1&q={searchTerms}&pid=724&r=2013/07/12&hid=432214777&lg=EN&cc=IE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 CA F1 00 B7 5A CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.pur-esult.info/?l=1&q={searchTerms}&pid=724&r=2013/07/12&hid=432214777&lg=EN&cc=IE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
========== Chrome ==========
CHR - homepage: http://websearch.pur-esult.info/?pid=724&r=2013/07/12&hid=432214777&lg=EN&cc=IE
CHR - Extension: No name found = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohcllbdofjadllanblcjbnpfgfaljja\1\
CHR - Extension: No name found = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (saafe ssaVea) - {0C3E805B-6ABE-5842-B895-D6F70E744B1D} - C:\ProgramData\saafe ssaVea\51e07b2d19bc1.dll ()
O2 - BHO: (SSearcyh-aNewTab) - {58680211-5A0A-4655-32DA-90D7B419A8C2} - C:\ProgramData\SSearcyh-aNewTab\51e07b48de32e.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1128D869-D5CA-43E1-9F73-DD3FC0E39F02}: DhcpNameServer = 89.101.160.4 89.101.160.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9163A812-B42C-45D8-9293-F47B3FC28981}: DhcpNameServer = 89.101.160.4 89.101.160.5
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\safesa~1\sprote~1.dll) - c:\Program Files\SafeSaver\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~1\websea~1\sprote~1.dll) - c:\Program Files\WebSearch\sprotector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/07/25 18:29:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/23 18:31:40 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Local\Adobe
[2013/07/15 18:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/07/15 14:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2013/07/15 14:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2013/07/15 14:10:34 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Roaming\HpUpdate
[2013/07/15 14:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013/07/15 14:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/07/15 14:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/07/15 14:06:28 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Local\HP
[2013/07/12 22:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSearcyh-aNewTab
[2013/07/12 22:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SSearcyh-aNewTab
[2013/07/12 22:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013/07/12 22:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\WebSearch
[2013/07/12 22:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\SafeSaver
[2013/07/12 22:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\saafe ssaVea
[2013/07/12 22:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\saafe ssaVea
[2013/07/12 22:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
[2013/07/12 22:54:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\X86
[2013/07/12 22:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\EZDownloader
[2013/07/12 22:54:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\AMD64
[2013/07/12 22:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/07/10 19:07:29 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Roaming\PhotoScape
[2013/07/10 19:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2013/07/10 19:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2013/07/10 19:05:40 | 021,331,096 | ---- | C] (Mooii) -- C:\Users\Elaine\Desktop\PhotoScape_V3-6-5.exe
[2013/07/05 18:11:01 | 000,000,000 | -HSD | C] -- C:\found.000
========== Files - Modified Within 30 Days ==========
[2013/07/25 20:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/25 20:30:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/25 20:20:39 | 000,004,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 20:20:39 | 000,004,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 19:42:43 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/25 19:42:33 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\RtlDashSrvStart.job
[2013/07/25 18:25:16 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/25 18:25:16 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/25 18:20:42 | 000,000,822 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN14C3C6K505HX.job
[2013/07/25 18:20:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/25 18:20:26 | 1876,774,912 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/23 18:21:37 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/15 19:56:34 | 000,002,436 | ---- | M] () -- C:\Users\Elaine\Documents\Aoife Document.rtf
[2013/07/15 14:11:08 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/07/15 14:09:49 | 000,002,144 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series.lnk
[2013/07/15 14:09:49 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3050 J610 series.lnk
[2013/07/15 14:09:49 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series Scan.lnk
[2013/07/13 11:33:58 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/12 11:10:24 | 000,230,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/10 19:07:20 | 000,000,857 | ---- | M] () -- C:\Users\Elaine\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2013/07/10 19:07:20 | 000,000,833 | ---- | M] () -- C:\Users\Elaine\Desktop\PhotoScape.lnk
[2013/07/10 19:06:06 | 021,331,096 | ---- | M] (Mooii) -- C:\Users\Elaine\Desktop\PhotoScape_V3-6-5.exe
========== Files Created - No Company Name ==========
[2013/07/15 19:56:34 | 000,002,436 | ---- | C] () -- C:\Users\Elaine\Documents\Aoife Document.rtf
[2013/07/15 14:13:44 | 000,000,822 | ---- | C] () -- C:\Windows\tasks\hpwebreg_CN14C3C6K505HX.job
[2013/07/15 14:11:08 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/07/15 14:09:49 | 000,002,144 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series.lnk
[2013/07/15 14:09:49 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3050 J610 series.lnk
[2013/07/15 14:09:48 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series Scan.lnk
[2013/07/10 19:07:20 | 000,000,857 | ---- | C] () -- C:\Users\Elaine\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2013/07/10 19:07:20 | 000,000,833 | ---- | C] () -- C:\Users\Elaine\Desktop\PhotoScape.lnk
[2013/05/29 12:39:11 | 000,018,944 | ---- | C] () -- C:\Users\Elaine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/27 10:27:14 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2013/05/27 10:27:13 | 002,498,216 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2013/05/27 10:27:13 | 000,087,112 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2013/05/27 10:27:13 | 000,014,920 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2013/05/27 10:27:13 | 000,009,160 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2013/05/26 18:59:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013/05/26 18:58:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2013/05/25 13:50:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013/05/24 18:50:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/05/24 17:49:36 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2013/05/24 17:10:38 | 000,000,680 | ---- | C] () -- C:\Users\Elaine\AppData\Local\d3d9caps.dat
========== ZeroAccess Check ==========
[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/06/12 21:57:51 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\MusicNet
[2013/07/10 19:07:36 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\PhotoScape
========== Purity Check ==========
< End of report >0 -
OTL Extras logfile created on: 25/07/2013 21:00:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\Elaine\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.75 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 66.05% Memory free
3.74 Gb Paging File | 2.82 Gb Available in Paging File | 75.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 202.38 Gb Free Space | 87.45% Space Free | Partition Type: NTFS
Drive | 1.46 Gb Total Space | 1.43 Gb Free Space | 97.66% Space Free | Partition Type: NTFS
Computer Name: ELAINE-PC | User Name: Elaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CA73B8D-4269-4CD8-A094-D0636AC3FEF2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{549506DC-8AA6-45CD-844B-D1DA581CF01C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{63E8DD48-317D-4628-BB61-2F581118EC89}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A02E3247-7BD0-4B32-B2AF-EF160E2BB380}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4ED0977B-BE94-4418-A90F-12665F0DAA0E}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{7A77294A-B6C8-4D66-AB91-45576BE2EF6D}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{876FEAF7-C1A7-4E6C-A8F3-EEE52BA89B09}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{879666A6-4F3D-4B77-96BA-BA0BC1B907CD}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{87A61D43-8C51-41A9-9DDD-B14E1E882322}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{8A056A1A-6B2F-4F7B-BEFC-718EF641AE28}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AE73F525-422F-4A8F-BE53-827E018016FC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F1F882FF-B9A3-4B2D-BD3C-9529607C8DC9}" = dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{F93543F1-B5E5-4699-A36C-F95E62A65369}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0564C76B-8E1F-4157-8654-B0F9F308BEE9}" = HP Deskjet 3050 J610 series Basic Device Software
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1" = EZDownloader
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34E90074-C80C-4182-A995-65E88B5B56E0}" = HP Deskjet 3050 J610 series Product Improvement Study
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DADB23F-94E6-4E4D-AFE8-15DE4395E8F3}" = Microsoft Security Client
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{91EA9C6F-1666-4426-9C80-85019A7A0D62}" = RtkDashClientInstaller
"{924C3DC2-8E4E-432E-F973-9A2174A39774}" = saafe ssaVea
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" = SSearcyh-aNewTab
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Defraggler" = Defraggler
"EaseUS Partition Master_is1" = EaseUS Partition Master 9.2.2
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"PhotoScape" = PhotoScape
"SP_0bdf5975" = SafeSaver 1.74
"SP_b0285714" = Search Assistant WebSearch 1.74
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04/07/2013 09:43:18 | Computer Name = Elaine-PC | Source = ESENT | ID = 455
Description = wuaueng.dll (1092) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 05/07/2013 13:16:31 | Computer Name = Elaine-PC | Source = ESENT | ID = 454
Description = wuaueng.dll (1104) SUS20ClientDataStore: Database recovery/restore
failed with unexpected error -509.
Error - 10/07/2013 17:38:03 | Computer Name = Elaine-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 11/07/2013 19:14:44 | Computer Name = Elaine-PC | Source = EventSystem | ID = 4621
Description =
Error - 15/07/2013 09:53:11 | Computer Name = Elaine-PC | Source = Application Error | ID = 1000
Description = Faulting application HP-DQEX5.exe, version 0.0.0.0, time stamp 0x4ce364d7,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x0004a152, process id 0x17e0, application start time
0x01ce815c1df33e28.
Error - 17/07/2013 10:40:57 | Computer Name = Elaine-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 17/07/2013 12:33:03 | Computer Name = Elaine-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 28.0.1500.72, time stamp
0x51e03646, faulting module chrome.dll, version 28.0.1500.72, time stamp 0x51e035ce,
exception code 0x80000003, fault offset 0x0060fdf6, process id 0xef4, application
start time 0x01ce830b48b520a6.
Error - 17/07/2013 13:24:38 | Computer Name = Elaine-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 28.0.1500.72, time stamp
0x51e03646, faulting module chrome.dll, version 28.0.1500.72, time stamp 0x51e035ce,
exception code 0x80000003, fault offset 0x0060fdf6, process id 0x6f8, application
start time 0x01ce83127d2f9706.
Error - 24/07/2013 14:29:56 | Computer Name = Elaine-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16496 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 4c0 Start Time: 01ce889b453a63b0 Termination Time: 40
Error - 24/07/2013 14:30:46 | Computer Name = Elaine-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16496 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1034 Start Time: 01ce889bcbdad620 Termination Time: 30
[ System Events ]
Error - 25/07/2013 13:03:51 | Computer Name = Elaine-PC | Source = DCOM | ID = 10010
Description =
Error - 25/07/2013 13:18:17 | Computer Name = Elaine-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort2.
Error - 25/07/2013 13:18:17 | Computer Name = Elaine-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort2.
Error - 25/07/2013 13:18:17 | Computer Name = Elaine-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort2.
Error - 25/07/2013 13:18:17 | Computer Name = Elaine-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort2.
Error - 25/07/2013 13:18:17 | Computer Name = Elaine-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort2.
Error - 25/07/2013 13:20:34 | Computer Name = Elaine-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 18:17:24 on 25/07/2013 was unexpected.
Error - 25/07/2013 13:36:28 | Computer Name = Elaine-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: Update Source: %%815 Update Stage: %%854 Source
Path: Signature Type: %%886 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine
Version: Previous Engine Version: Error code: 0x8007042c Error description: The
dependency service or group failed to start.
Error - 25/07/2013 13:36:28 | Computer Name = Elaine-PC | Source = Microsoft Antimalware | ID = 2003
Description = %%860 has encountered an error trying to update the engine. New Engine
Version: Previous Engine Version: Engine Type: %%886 User: NT AUTHORITY\SYSTEM Error
Code: 0x8007042c Error description: The dependency service or group failed to start.
Error - 25/07/2013 13:37:19 | Computer Name = Elaine-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
< End of report >0 -
-
Advertisement
-
-
-
-
-
-
Advertisement
-
-
-
-
-
-
-
-
-
-
-
Advertisement
-
OTL logfile created on: 25/07/2013 23:38:07 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Elaine\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.75 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 67.57% Memory free
3.74 Gb Paging File | 3.16 Gb Available in Paging File | 84.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 203.77 Gb Free Space | 88.05% Space Free | Partition Type: NTFS
Drive | 1.46 Gb Total Space | 1.43 Gb Free Space | 97.66% Space Free | Partition Type: NTFS
Computer Name: ELAINE-PC | User Name: Elaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/07/25 20:55:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elaine\Desktop\OTL.exe
PRC - [2013/07/23 18:32:36 | 000,814,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/06/20 17:25:44 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/09/22 15:20:28 | 000,437,248 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Program Files\Realtek\RtkDashClientInstaller\RtkDashClient.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2008/06/03 03:35:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
========== Services (SafeList) ==========
SRV - [2013/07/23 18:32:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/20 18:05:14 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/04 03:37:58 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/07/25 22:46:00 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{92160FD2-D2C4-4FC5-AF20-7D9183CB6278}\MpKsl8bf83ba4.sys -- (MpKsl8bf83ba4)
DRV - [2013/06/18 21:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/03/07 09:49:20 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2013/03/07 09:49:20 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/12/27 15:57:50 | 000,319,592 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2011/09/19 15:05:56 | 000,035,432 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtDashPt.sys -- (RtDashPt)
DRV - [2009/06/10 05:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2008/11/04 03:32:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 CA F1 00 B7 5A CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
========== Chrome ==========
CHR - default_search_provider: WebSearch (Enabled)
CHR - default_search_provider: search_url = http://websearch.pur-esult.info/?l=1&q={searchTerms}&pid=724&r=2013/07/12&hid=432214777&lg=EN&cc=IE
CHR - default_search_provider: suggest_url = http://localhost
CHR - homepage: http://websearch.pur-esult.info/?pid=724&r=2013/07/12&hid=432214777&lg=EN&cc=IE
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: saafe ssaVea = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohcllbdofjadllanblcjbnpfgfaljja\1\
CHR - Extension: Gmail = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/07/25 22:43:57 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1128D869-D5CA-43E1-9F73-DD3FC0E39F02}: DhcpNameServer = 89.101.160.4 89.101.160.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9163A812-B42C-45D8-9293-F47B3FC28981}: DhcpNameServer = 89.101.160.4 89.101.160.5
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/07/25 22:39:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/25 20:55:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Elaine\Desktop\OTL.exe
[2013/07/25 18:29:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/23 18:31:40 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Local\Adobe
[2013/07/15 18:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/07/15 14:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2013/07/15 14:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2013/07/15 14:10:34 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Roaming\HpUpdate
[2013/07/15 14:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013/07/15 14:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/07/15 14:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/07/15 14:06:28 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Local\HP
[2013/07/12 22:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
[2013/07/12 22:54:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\X86
[2013/07/12 22:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\EZDownloader
[2013/07/12 22:54:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\AMD64
[2013/07/12 22:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/07/10 19:07:29 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Roaming\PhotoScape
[2013/07/10 19:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2013/07/10 19:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2013/07/10 19:05:40 | 021,331,096 | ---- | C] (Mooii) -- C:\Users\Elaine\Desktop\PhotoScape_V3-6-5.exe
[2013/07/05 18:11:01 | 000,000,000 | -HSD | C] -- C:\found.000
========== Files - Modified Within 30 Days ==========
[2013/07/25 23:30:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/25 22:50:07 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/25 22:50:07 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/25 22:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/25 22:46:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/25 22:46:01 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\RtlDashSrvStart.job
[2013/07/25 22:45:51 | 000,004,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 22:45:51 | 000,004,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 22:45:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/25 22:45:36 | 1876,774,912 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/25 22:43:57 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/07/25 20:55:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elaine\Desktop\OTL.exe
[2013/07/25 18:20:42 | 000,000,822 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN14C3C6K505HX.job
[2013/07/23 18:21:37 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/15 19:56:34 | 000,002,436 | ---- | M] () -- C:\Users\Elaine\Documents\Aoife Document.rtf
[2013/07/15 14:11:08 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/07/15 14:09:49 | 000,002,144 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series.lnk
[2013/07/15 14:09:49 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3050 J610 series.lnk
[2013/07/15 14:09:49 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series Scan.lnk
[2013/07/13 11:33:58 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/12 11:10:24 | 000,230,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/10 19:07:20 | 000,000,857 | ---- | M] () -- C:\Users\Elaine\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2013/07/10 19:07:20 | 000,000,833 | ---- | M] () -- C:\Users\Elaine\Desktop\PhotoScape.lnk
[2013/07/10 19:06:06 | 021,331,096 | ---- | M] (Mooii) -- C:\Users\Elaine\Desktop\PhotoScape_V3-6-5.exe
========== Files Created - No Company Name ==========
[2013/07/15 19:56:34 | 000,002,436 | ---- | C] () -- C:\Users\Elaine\Documents\Aoife Document.rtf
[2013/07/15 14:13:44 | 000,000,822 | ---- | C] () -- C:\Windows\tasks\hpwebreg_CN14C3C6K505HX.job
[2013/07/15 14:11:08 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/07/15 14:09:49 | 000,002,144 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series.lnk
[2013/07/15 14:09:49 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3050 J610 series.lnk
[2013/07/15 14:09:48 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series Scan.lnk
[2013/07/10 19:07:20 | 000,000,857 | ---- | C] () -- C:\Users\Elaine\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2013/07/10 19:07:20 | 000,000,833 | ---- | C] () -- C:\Users\Elaine\Desktop\PhotoScape.lnk
[2013/05/29 12:39:11 | 000,018,944 | ---- | C] () -- C:\Users\Elaine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/27 10:27:14 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2013/05/27 10:27:13 | 002,498,216 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2013/05/27 10:27:13 | 000,087,112 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2013/05/27 10:27:13 | 000,014,920 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2013/05/27 10:27:13 | 000,009,160 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2013/05/26 18:59:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013/05/26 18:58:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2013/05/25 13:50:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013/05/24 18:50:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/05/24 17:49:36 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2013/05/24 17:10:38 | 000,000,680 | ---- | C] () -- C:\Users\Elaine\AppData\Local\d3d9caps.dat
========== ZeroAccess Check ==========
[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/06/12 21:57:51 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\MusicNet
[2013/07/10 19:07:36 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\PhotoScape
========== Purity Check ==========0 -
-
-
-
-
-
-
-
-
Advertisement
-
Advertisement