Jump to content

naxy

Members
  • Posts

    12
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hi I have just installed Malwarebytes and have a "clean" pc I tried to access a web site but got the following IP blocking message 2012/04/07 14:27:31 +0100 TOSH Neil IP-BLOCK 85.159.232.68 (Type: outgoing, Port: 55441, Process: firefox.exe) The owner of this site has checked it and assures me that there is nothing untowards loaded on this server - checked with Avast and other programs. Is this a false positive?
  2. Oh yes I know how to do that, it was just an observation (I am a child of the DOS era pre Windows and still do a lot at the command line). Am I now safe to tidy up some of the files I have downloaded, I think the PC is clear of problems.
  3. Here is the report:- ComboFix 12-04-05.06 - Neil 05/04/2012 16:10:27.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1658 [GMT 1:00] Running from: c:\users\Neil\Downloads\ComboFix.exe Command switches used :: c:\users\Neil\Downloads\CFScript.txt AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\xp c:\programdata\xp\EBLib.dll c:\programdata\xp\TPwSav.sys . . ((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 ))))))))))))))))))))))))))))))) . . 2012-04-05 15:38 . 2012-04-05 15:39 -------- d-----w- c:\users\Neil\AppData\Local\temp 2012-04-05 15:38 . 2012-04-05 15:38 -------- d-----w- c:\users\Keith\AppData\Local\temp 2012-04-05 15:38 . 2012-04-05 15:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-04 13:22 . 2012-04-04 13:22 -------- d-----w- C:\_OTL 2012-04-04 09:13 . 2012-04-04 13:28 -------- d-----w- c:\windows\system32\drivers\N360\0502010.003 2012-04-03 08:53 . 2012-04-03 08:53 -------- d-----w- c:\users\Neil\AppData\Roaming\Malwarebytes 2012-04-03 08:53 . 2012-04-03 08:53 -------- d-----w- c:\programdata\Malwarebytes 2012-04-03 08:53 . 2012-04-03 08:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-03 08:53 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-29 13:58 . 2012-03-29 14:13 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-03-19 16:05 . 2012-03-19 16:05 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll 2012-03-19 16:05 . 2012-03-19 16:05 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll 2012-03-16 16:16 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys 2012-03-16 15:43 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll 2012-03-16 15:43 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-16 15:39 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll 2012-03-16 15:39 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-03-16 15:39 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-03-16 15:39 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-03-16 15:39 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-03-16 15:37 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-03-11 13:48 . 2012-03-11 13:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-29 14:13 . 2011-06-15 10:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-17 16:50 . 2009-05-16 19:16 952 --sha-w- c:\programdata\KGyGaAvL.sys 2012-03-19 16:05 . 2011-04-30 15:01 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Neil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Neil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Neil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-27 39408] "Facebook Update"="c:\users\Neil\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-01-15 137536] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 411768] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-29 509496] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696] "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272] "NDSTray.exe"="NDSTray.exe" [bU] "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-03-02 577536] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024] "Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-08 16712] "Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-08 532808] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648] "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 1945960] "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . c:\users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Neil\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216] Jacquie Lawson London Advent Calendar.lnk - c:\program files\Jacquie Lawson London Advent Calendar\Jacquie Lawson London Advent Calendar.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2010-03-16 20:58 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - RAPPORTIASO *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache bthsvcs REG_MULTI_SZ BthServ . Contents of the 'Scheduled Tasks' folder . 2012-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 14:13] . 2012-04-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1959831703-652381354-3546698765-1000Core.job - c:\users\Neil\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-15 13:15] . 2012-04-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1959831703-652381354-3546698765-1000UA.job - c:\users\Neil\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-15 13:15] . 2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-28 16:40] . 2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-28 16:40] . 2012-04-05 c:\windows\Tasks\User_Feed_Synchronization-{C228C983-DB29-49A0-8CBF-A974A4ED6902}.job - c:\windows\system32\msfeedssync.exe [2011-04-08 08:57] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm Trusted Zone: kaupthingedge.com\www Trusted Zone: naxfun.com\www Trusted Zone: powervps.com\www Trusted Zone: sourceforge.net TCP: DhcpNameServer = 194.168.4.100 194.168.8.100 TCP: Interfaces\{E887BCB6-F520-44A6-AB88-5EFA89111F02}: NameServer = 10.20.8.1 DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - hxxp://www.cig.canon-europe.com/ph/en_GB/st/download/ddup/CNIMGUP_01_210102E.cab FF - ProfilePath - c:\users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\t5b05sxa.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-04-05 16:39 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.1.3\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b4 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(972) c:\windows\system32\relog_ap.dll . Completion time: 2012-04-05 16:44:41 ComboFix-quarantined-files.txt 2012-04-05 15:44 ComboFix2.txt 2012-04-05 14:05 . Pre-Run: 193,587,363,840 bytes free Post-Run: 193,539,420,160 bytes free . - - End Of File - - 628158DEE1847C322D0DC6C1D0BF23F1 I notice I have lost the Run command from my windows startup screen under where it says , Control Panel, Default Programs, Admistrative tools, Help & Support - Run was there as an option.
  4. I already said yes and the results of the combofix i.e. combofix.txt is attached to a post three before this one. Do you want me to run combofix again with that script included?
  5. ComboFix.txt The report was too long so here it is an attachment.
  6. Here is the report, there was an error at the start which I screen dumped and have attached.
  7. Looks good:- rahSystemLook 30.07.11 by jpshortstuff Log created at 10:16 on 05/04/2012 by Neil Administrator - Elevation successful ========== folderfind ========== Searching for "*MyWebSearch*" No folders found. Searching for "*My Web Search*" No folders found. ========== regfind ========== Searching for "MyWebSearch" No data found. Searching for "My Web Search" No data found. -= EOF =- Tahnks you Maniac, I am very impressed with this site, tell me does Malwarebytes actively monitor activity or is it something that is run manually once in a while. so far I have trusted to Norton but as I have seen they are not infallible.
  8. MB log results:- Malwarebytes Anti-Malware (Trial) 1.60.1.1000 www.malwarebytes.org Database version: v2012.04.04.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Neil :: TOSH [administrator] Protection: Enabled 04/04/2012 15:00:50 mbam-log-2012-04-04 (15-00-50).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 220912 Time elapsed: 8 minute(s), 44 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  9. Fix log:- All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0002ee26-8c11-49eb-9cdf-56eeffef664f} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\ not found. File C:\Program Files\HotSpot_International\tbHotS.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0c5f997d-f664-4afb-9652-ea7fd92f383d} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c5f997d-f664-4afb-9652-ea7fd92f383d}\ not found. File C:\Program Files\PriceGongbar\prxtbPric.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found. File C:\Program Files\Freecorder\tbFree.dll not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found. Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found. Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found. Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found. Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found. Registry value HKEY_USERS\S-1-5-21-1959831703-652381354-3546698765-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0002ee26-8c11-49eb-9cdf-56eeffef664f} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\ not found. File C:\Program Files\HotSpot_International\tbHotS.dll not found. Registry value HKEY_USERS\S-1-5-21-1959831703-652381354-3546698765-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0c5f997d-f664-4afb-9652-ea7fd92f383d} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c5f997d-f664-4afb-9652-ea7fd92f383d}\ not found. File C:\Program Files\PriceGongbar\prxtbPric.dll not found. Registry value HKEY_USERS\S-1-5-21-1959831703-652381354-3546698765-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found. File C:\Program Files\Freecorder\tbFree.dll not found. Registry value HKEY_USERS\S-1-5-21-1959831703-652381354-3546698765-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cd90bf73-20f6-44ef-993d-bb920303bd2e} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found. Registry key HKEY_USERS\S-1-5-21-1959831703-652381354-3546698765-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A3BAA735-798D-4D01-8651-CD93AC38B9AB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BAA735-798D-4D01-8651-CD93AC38B9AB}\ not found. Registry key HKEY_USERS\S-1-5-21-1959831703-652381354-3546698765-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found. C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\t5b05sxa.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\searchplugin folder moved successfully. C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\t5b05sxa.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules folder moved successfully. C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\t5b05sxa.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\META-INF folder moved successfully. C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\t5b05sxa.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\defaults folder moved successfully. C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\t5b05sxa.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components folder moved successfully. C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\t5b05sxa.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\chrome folder moved successfully. C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\t5b05sxa.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\skin folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\locale\en-US folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\locale folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\defaults\preferences folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\defaults folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\chrome\content folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\chrome folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com folder moved successfully. C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\ not found. File C:\Program Files\HotSpot_International\tbHotS.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c5f997d-f664-4afb-9652-ea7fd92f383d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c5f997d-f664-4afb-9652-ea7fd92f383d}\ not found. File C:\Program Files\PriceGongbar\prxtbPric.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found. File C:\Program Files\Freecorder\tbFree.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully. C:\Program Files\PriceGong\2.5.2\PriceGongIE.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. C:\Program Files\ConduitEngine\ConduitEngine.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0002ee26-8c11-49eb-9cdf-56eeffef664f} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\ not found. File C:\Program Files\HotSpot_International\tbHotS.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0c5f997d-f664-4afb-9652-ea7fd92f383d} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c5f997d-f664-4afb-9652-ea7fd92f383d}\ not found. File C:\Program Files\PriceGongbar\prxtbPric.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found. File C:\Program Files\Freecorder\tbFree.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. File C:\Program Files\ConduitEngine\ConduitEngine.dll not found. Registry value HKEY_USERS\S-1-5-21-1959831703-652381354-3546698765-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0002EE26-8C11-49EB-9CDF-56EEFFEF664F} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002EE26-8C11-49EB-9CDF-56EEFFEF664F}\ not found. File C:\Program Files\HotSpot_International\tbHotS.dll not found. Registry value HKEY_USERS\S-1-5-21-1959831703-652381354-3546698765-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found. File C:\Program Files\Freecorder\tbFree.dll not found. Registry value HKEY_USERS\S-1-5-21-1959831703-652381354-3546698765-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. File C:\Program Files\ConduitEngine\ConduitEngine.dll not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Scan link by Dr.Web\ deleted successfully. ========== FILES ========== C:\Program Files\ConduitEngine folder moved successfully. File\Folder C:\Program Files\PriceGongbar not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Keith ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 938 bytes ->Java cache emptied: 2072869 bytes ->FireFox cache emptied: 81526613 bytes ->Flash cache emptied: 9569 bytes User: Neil ->Temp folder emptied: 35325089 bytes ->Temporary Internet Files folder emptied: 67574424 bytes ->Java cache emptied: 7098980 bytes ->FireFox cache emptied: 49145340 bytes ->Google Chrome cache emptied: 8559134 bytes ->Flash cache emptied: 702043 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 5413570 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 5125254071 bytes Total Files Cleaned = 5,133.00 mb OTL by OldTimer - Version 3.2.39.2 log created on 04042012_142253 Files\Folders moved on Reboot... Registry entries deleted on Reboot...
  10. Here is the OTL Etras log:- OTL Extras logfile created on: 04/04/2012 11:52:20 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Neil\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 54.22% Memory free 6.19 Gb Paging File | 4.45 Gb Available in Paging File | 71.88% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 299.99 Gb Total Space | 182.10 Gb Free Space | 60.70% Space Free | Partition Type: NTFS Drive D: | 164.28 Gb Total Space | 62.09 Gb Free Space | 37.80% Space Free | Partition Type: NTFS Computer Name: TOSH | User Name: Neil | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{17E0B6A6-A158-4BAD-B9F2-7430BDCF70E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{215C566C-D2CF-42B2-B140-709A11891581}" = lport=10243 | protocol=6 | dir=in | app=system | "{4C511557-4198-4698-820A-C312A21E4D3B}" = rport=10243 | protocol=6 | dir=out | app=system | "{54EB470C-5C37-4442-91E7-C1143A4FB0B8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{6BDBC959-C688-4D85-B1AD-FB51704CDB05}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7C978B63-245A-4B1C-B574-E78E0AAF2C74}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{90D7C390-FDD2-4AA6-A345-46707B7D9D2C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AF54F94C-04BB-4298-A466-FD3A85CB0189}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BBF0D2DA-7564-4D39-B420-7BB05E5BA494}" = lport=2869 | protocol=6 | dir=in | app=system | "{BFCAC089-5B44-4918-A162-A85DE55D9BEB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CF9D65AD-00E6-4B5C-9DE6-9D97DA137AD9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{D8DD3B67-BD3A-4DD2-A1D8-64B40C408D3F}" = lport=2869 | protocol=6 | dir=in | app=system | "{E087ED51-2BCB-4FCA-9B9E-7DB5FBDAFF8C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{041C699C-409C-415E-8DE2-5650A8A30783}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{07CEE31D-0838-432C-B04B-F68F8774266E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{11B4CCFF-1770-43A6-955C-E2E6D1B669FC}" = dir=in | app=c:\program files\itunes\itunes.exe | "{252A205D-3E89-49E3-BBE6-1B136E9AF8F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{39E75708-5D18-4698-A391-5375012625CE}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | "{430E0635-0ECC-4172-AA88-E59F90F5EBEF}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{49C46261-9519-41BB-9898-DF4E94EA4EB6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4FF132F7-FAD5-4469-B0CF-509026E4CDFC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{602D7970-3F7C-46BF-ACA1-BBF90B75BCD0}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{6255A42B-FCAB-45B0-A38C-C2D65A35916B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{644962C5-67A5-4C2F-B309-9D7C3E8EFBED}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{69F11D8A-5ABE-45C0-B4A6-4AABBA8D17DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6E4E77A3-BEC9-402E-B3E2-92622AF4EC32}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{76DA53D9-D2B8-4C72-92C2-962729098566}" = dir=in | app=c:\users\neil\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{783A76CB-4810-42C4-83DC-55CFAA17668A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{784CF5B0-3367-4ABC-85D0-643518A8E5E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{973B9C1B-DE87-46B2-A466-16EB5D804136}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{9741B7BC-0BE2-4566-B525-CC67A38863D7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{996F76DB-4B3D-4AC1-B0E3-FCEAE2CFF02B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{9A7837E0-9CDE-41BF-B66E-80124BD46B92}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | "{A006AAEB-DE7B-49C9-833B-A640DE8BDE00}" = protocol=6 | dir=out | app=system | "{A517F6AB-B325-487B-A1F9-18C77A4979D7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A75F6625-3A39-4351-A9BF-12544ED95569}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A9150E63-1217-434D-8C67-3EC1451EC735}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{AB786D9E-050D-4F8A-972F-B9D4B5327D3D}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{AD390778-54A4-4428-8A95-4C1A0D859AEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B1FDD45E-E159-4CB0-BC8C-36F04B9B57F4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B4C0ED30-976F-407D-B5CB-CD729F6A0D5B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B999B664-436F-4535-AA47-5A23D675961B}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{BFD2ACAA-AA27-48C9-B477-5D9B7994CA09}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{C8FF6786-9942-4847-AC22-BB3178731D1B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{E1E13B59-7207-45BE-83EA-9C56F788271D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F0020C21-3E89-4FB4-856B-DB69C570C295}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0020FEE2-7CDB-4250-B04B-81D68D3CA18B}" = "{0170752C-8054-4140-8E11-E8FF51E4E9FB}" = Web Easy Professional "{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{05BC428A-F2A5-4E11-8130-10C3237FD67B}" = Serif WebPlus X2 Resources "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP980_series" = Canon MP980 series MP Drivers "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953 "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs "{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 29 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{293B8682-E7C4-445C-A890-951AC62A3ADC}" = Web Easy Professional "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8 "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3 "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5 "{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home "{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor "{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5CA9BFF3-5104-4C29-83A3-175D0944E52F}" = CoreFTP "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1 "{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}" = Microsoft Outlook Web Access S/MIME "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{6F3DFFAB-6DDA-42DA-A22C-F45C697B7812}" = calibre "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76536E05-093B-0200-0000-000000000000}" = Android Sync Manager WiFi "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.7.2.188 "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7A3FFA58-876F-489C-B6CF-0503916224DF}" = HTC Sync "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{7F636712-78BB-4FA4-B469-CF641ACAE1C9}_is1" = OxyBook (Trial) "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8829E394-87E1-41C0-BCED-9B47F7C6DCDD}" = Serif WebPlus X2 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9553992D-8664-4351-A8AC-818BC87719A9}" = Web Easy Professional "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9649C3CF-AC27-4A09-9F7F-A28FADBFDA2D}" = MySQL Connector/ODBC 3.51 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A0DB4D2C-E85B-4C23-A4F2-F1B95D3C3BE8}" = Crystal Reports 10 "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2) "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3FB6B55-C271-44FC-BA03-BBD8B2EA6EEF}" = Memory-Map OS Edition Version 5 "{B4750ECE-3B5F-462F-8950-614D1E0B2204}" = Facebook Video Calling 1.1.0.13 "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5 "{B7DCFC0E-A503-4766-9E9A-A43790964A92}" = Web Easy Professional "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BCB8B85E-E28A-424F-AE81-A7553DAA32A4}" = Nokia PC Suite 4.88 "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D16AA51D-2BE9-421A-84A7-759578E64A74}" = Web Easy Professional 7 "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes "{F9AC0B06-E3FB-4E64-87B4-7BAFA766BEDE}" = Web Easy Professional "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup "7-Zip" = 7-Zip 4.59 beta "AC3Filter" = AC3Filter (remove only) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3 "Aleo Flash Intro Banner Maker_is1" = Aleo Flash Intro Banner Maker 3.1 "Any Video Converter Professional_is1" = Any Video Converter Professional 2.7.2 "AutoGK" = Auto Gordian Knot 2.55 "AviSynth" = AviSynth 2.5 "BitLord" = BitLord 1.1 "Canon MP980 series User Registration" = Canon MP980 series User Registration "CanonMyPrinter" = Canon Utilities My Printer "Concise Oxford English Dictionary (Eleventh Edition)" = Concise Oxford English Dictionary (Eleventh Edition) "conduitEngine" = Conduit Engine "ConTEXTEditor_is1" = ConTEXT "Core FTP LE 1.3c" = Core FTP LE 1.3c "DAO 3.5" = DAO 3.5 "DDUP" = CANON iMAGE GATEWAY Drag And Drop Upload Plugin "Debut" = Debut Video Capture Software "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup" = DivX Setup "DjVu" = Lizardtech DjVu Control (autoinstall) "DVD Flick_is1" = DVD Flick 1.3.0.7 "DVD Shrink_is1" = DVD Shrink 3.2 "Easy CD-DA Extractor 11" = Easy CD-DA Extractor 11 "Free AVI MPEG WMV MP4 FLV Video Joiner_is1" = Free AVI MPEG WMV MP4 FLV Video Joiner 3.7.0.1 "Free RAR Extract Frog 1.00" = Free RAR Extract Frog 1.00 "Free Studio_is1" = Free Studio version 4.1 "Freecorder Toolbar" = Freecorder Toolbar "Freecorder4.1" = Freecorder "Freez FLV to AVI/MPEG/WMV Converter 1.5_is1" = Freez FLV to AVI/MPEG/WMV Converter "Google Chrome" = Google Chrome "GSpot" = GSpot Codec Information Appliance "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HotSpot_International Toolbar" = HotSpot International Toolbar "HotspotShield" = Hotspot Shield 2.24 "ieSpell" = ieSpell "ImageSkill Background Remover 3" = ImageSkill Background Remover 3 "ImTOO DVD Ripper Ultimate 5" = ImTOO DVD Ripper Ultimate "InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers. "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "JavaSMFBackup" = Java SMF Backup "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000 "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 11.0 (x86 en-GB)" = Mozilla Firefox 11.0 (x86 en-GB) "N360" = Norton 360 "NVIDIA Drivers" = NVIDIA Drivers "OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter "PhotoStitch" = Canon Utilities PhotoStitch "PHP Generator for MySQL_is1" = PHP Generator for MySQL 7.10 "PHP MySQL Wizard Demo_is1" = PhpMySQLWizard Demo 1.5 "PHPEdit" = PHPEdit 3.0.4 "Picasa 3" = Picasa 3 "PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006 "Power Sound Editor Free" = Power Sound Editor Free "PowerArchiver" = PowerArchiver "PowerISO" = PowerISO "PriceGong" = PriceGong 2.5.2 "PriceGongbar Toolbar" = PriceGongbar Toolbar "PrimoPDF3.1" = PrimoPDF "PuTTY_is1" = PuTTY version 0.60 "Rapport_msi" = Rapport "RealPlayer 6.0" = RealPlayer "save2pc Light_is1" = save2pc Light 3.38 "SCLS" = MSU Screen Capture Lossless Codec v1.2 (Remove Only) "Sqirlz Water Reflections" = Sqirlz Water Reflections "SynTPDeinstKey" = Synaptics Pointing Device Driver "TOSHIBA Software Modem" = TOSHIBA Software Modem "Uninstall_is1" = Uninstall 1.0.0.1 "URLSnooper 2_is1" = URL Snooper v2.22.01 "VobSub" = VobSub v2.23 (Remove Only) "WampServer 2_is1" = WampServer 2.0 "WavePad" = WavePad Sound Editor "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.0.2 "XviD" = XviD MPEG-4 Codec "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only) "Xvid_is1" = Xvid 1.1.3 final uninstall "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Customizations" = Yahoo! Extras "Yahoo! Extras" = Yahoo! Browser Services "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1959831703-652381354-3546698765-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle "Dropbox" = Dropbox "QUICKMEDIACONVERTER" = Player "uTorrent" = µTorrent ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >
  11. results of OTL scan:- OTL logfile created on: 04/04/2012 11:52:20 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Neil\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 54.22% Memory free 6.19 Gb Paging File | 4.45 Gb Available in Paging File | 71.88% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 299.99 Gb Total Space | 182.10 Gb Free Space | 60.70% Space Free | Partition Type: NTFS Drive D: | 164.28 Gb Total Space | 62.09 Gb Free Space | 37.80% Space Free | Partition Type: NTFS Computer Name: TOSH | User Name: Neil | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/04/04 11:50:43 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Neil\Downloads\OTL.exe PRC - [2012/03/11 14:48:36 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe PRC - [2012/03/11 14:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/01/07 02:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe PRC - [2012/01/06 19:36:14 | 000,331,608 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe PRC - [2012/01/05 00:02:02 | 000,329,544 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe PRC - [2012/01/05 00:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.2.0.13\ccsvchst.exe PRC - [2010/06/26 19:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/03/20 07:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008/11/02 09:38:58 | 000,167,936 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE PRC - [2008/08/08 17:30:44 | 000,016,712 | R--- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe PRC - [2008/08/08 17:30:40 | 000,532,808 | R--- | M] (Corel, Inc.) -- C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe PRC - [2008/03/17 17:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2007/02/16 18:57:24 | 001,945,960 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe PRC - [2007/02/16 18:49:58 | 000,149,024 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2007/02/16 18:49:50 | 000,411,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe PRC - [2007/02/13 09:30:24 | 000,405,504 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe PRC - [2007/02/12 23:44:26 | 004,411,392 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe PRC - [2007/02/02 15:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2007/01/29 12:43:44 | 000,509,496 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe PRC - [2007/01/18 14:46:56 | 004,349,952 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007/01/17 14:46:32 | 000,534,648 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe PRC - [2006/12/20 00:16:44 | 000,411,768 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe PRC - [2006/12/20 00:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe PRC - [2006/11/14 23:02:36 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2006/11/14 22:19:42 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe PRC - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2006/11/13 10:06:54 | 000,413,696 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe PRC - [2006/11/06 18:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe PRC - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe ========== Modules (No Company Name) ========== MOD - [2012/02/15 11:29:53 | 000,499,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\b40b477fb1f07d4476f141bcda730270\TCrdMain.ni.exe MOD - [2012/02/15 10:41:29 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll MOD - [2012/02/15 10:41:14 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll MOD - [2012/02/15 10:40:09 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll MOD - [2012/02/15 10:40:06 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\56df3488472318c59d0a08ed10a065d3\PresentationFramework.ni.dll MOD - [2012/02/15 10:39:34 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3951e0a359c004cd6ba268ff78ac62aa\PresentationCore.ni.dll MOD - [2012/02/15 10:39:10 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll MOD - [2012/02/15 10:38:59 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll MOD - [2012/01/07 02:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe MOD - [2012/01/06 19:38:08 | 000,009,544 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\lang\gui-eng.dll MOD - [2011/11/10 17:11:00 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll MOD - [2011/10/12 10:11:35 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll MOD - [2011/08/10 10:36:28 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2008/08/08 17:30:44 | 000,016,712 | R--- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe MOD - [2008/01/23 17:55:14 | 000,055,784 | ---- | M] () -- C:\Program Files\Easy CD-DA Extractor 11\ezcddax11.dll MOD - [2007/02/12 23:44:26 | 004,411,392 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe MOD - [2006/12/01 19:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll MOD - [2006/11/09 19:27:06 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll MOD - [2006/11/08 19:08:30 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll MOD - [2006/11/06 18:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe MOD - [2006/10/20 14:49:22 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\ConfigFree\NotifyCFF.dll MOD - [2006/10/10 12:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll MOD - [2006/10/07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist) SRV - File not found [Auto | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt -- (MySQL) SRV - [2012/03/29 15:13:16 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/03/11 14:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService) SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/01/06 19:39:12 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService) SRV - [2012/01/06 19:36:14 | 000,331,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld) SRV - [2012/01/05 00:02:02 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2012/01/05 00:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe -- (N360) SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008/04/29 12:52:24 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008/04/17 19:13:44 | 005,750,784 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- (wampmysqld) SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/01/18 01:37:26 | 000,024,635 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe -- (wampapache) SRV - [2007/11/06 21:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007/02/22 20:53:16 | 002,217,416 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc) SRV - [2007/02/16 18:49:50 | 000,411,168 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2007/02/02 15:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2006/12/20 00:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TpChoice.sys -- (TpChoice) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwmodem.sys -- (btwmodem) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwhid.sys -- (btwhid) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012/03/15 04:28:52 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120403.002\IDSvix86.sys -- (IDSVix86) DRV - [2012/03/11 14:48:52 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI) DRV - [2012/03/11 14:48:50 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG) DRV - [2012/03/11 14:48:50 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL) DRV - [2012/03/02 19:58:02 | 000,820,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120317.002\BHDrvx86.sys -- (BHDrvx86) DRV - [2012/02/04 11:05:06 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/02/04 11:05:05 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2011/12/16 11:26:12 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302) DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/08/10 10:36:28 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso) DRV - [2011/08/04 09:59:38 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120403.022\NAVEX15.SYS -- (NAVEX15) DRV - [2011/08/04 09:59:38 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120403.022\NAVENG.SYS -- (NAVENG) DRV - [2011/06/07 17:04:33 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2011/04/21 02:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0502000.00D\symtdiv.sys -- (SYMTDIv) DRV - [2011/03/31 04:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0502000.00D\srtsp.sys -- (SRTSP) DRV - [2011/03/31 04:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2011/03/15 03:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symefa.sys -- (SymEFA) DRV - [2011/01/27 07:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symds.sys -- (SymDS) DRV - [2011/01/27 06:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\ironx86.sys -- (SymIRON) DRV - [2011/01/03 09:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011/01/03 09:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2011/01/03 09:38:36 | 000,114,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) DRV - [2011/01/03 09:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2010/12/21 06:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2010/12/21 06:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2010/12/21 06:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2010/09/22 20:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hssdrv.sys -- (HssDrv) DRV - [2010/06/23 10:23:44 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot) DRV - [2010/06/23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2010/06/23 03:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss) DRV - [2010/03/04 10:02:04 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\RapportBuka.sys -- (RapportBuka) DRV - [2009/06/19 22:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2008/11/17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel® DRV - [2008/11/02 09:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2007/11/11 16:02:01 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman) DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2007/11/06 21:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2007/10/27 15:14:52 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter) DRV - [2007/10/27 15:14:52 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2007/09/26 14:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel® DRV - [2007/01/26 17:13:40 | 000,017,712 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR) DRV - [2007/01/24 15:57:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N) DRV - [2007/01/18 15:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I) DRV - [2007/01/13 09:40:00 | 004,452,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007/01/12 22:41:32 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2007/01/12 22:16:54 | 000,040,576 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2006/12/19 09:12:22 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel® DRV - [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006/11/02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2006/10/23 17:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2006/07/28 17:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html IE - HKLM\..\URLSearchHook: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files\HotSpot_International\tbHotS.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {0c5f997d-f664-4afb-9652-ea7fd92f383d} - C:\Program Files\PriceGongbar\prxtbPric.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS} IE - HKU\.DEFAULT\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS} IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS} IE - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html IE - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com IE - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\..\URLSearchHook: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files\HotSpot_International\tbHotS.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\..\URLSearchHook: {0c5f997d-f664-4afb-9652-ea7fd92f383d} - C:\Program Files\PriceGongbar\prxtbPric.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - No CLSID value found IE - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) IE - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLR_enGB253 IE - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\..\SearchScopes\{A3BAA735-798D-4D01-8651-CD93AC38B9AB}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012 IE - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/web?q={SEARCHTERMS}&o=15528&l=dis IE - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\..\SearchScopes\{FC52897E-BD69-4079-9C29-4D483542B842}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Neil\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/02/04 17:41:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_6_3 [2012/04/03 18:55:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/16 15:32:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 17:05:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/11 11:06:27 | 000,000,000 | ---D | M] [2009/11/20 13:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neil\AppData\Roaming\Mozilla\Extensions [2012/03/30 14:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\t5b05sxa.default\extensions [2012/02/15 14:32:49 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\t5b05sxa.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} [2010/12/29 13:24:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\t5b05sxa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/01/25 10:08:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\t5b05sxa.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012/03/30 14:08:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\t5b05sxa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011/01/31 15:25:29 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\t5b05sxa.default\extensions\en-GB@dictionaries.addons.mozilla.org [2012/01/14 18:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/04/11 11:29:34 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2012/03/19 17:05:18 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/10/14 17:21:14 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2011/10/14 17:21:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/10/14 17:21:14 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2011/10/14 17:21:14 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2011/10/14 17:21:14 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.46\gcswf32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.46\pdf.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: PriceGong = C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.5.2_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (HotSpot International Toolbar) - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files\HotSpot_International\tbHotS.dll (Conduit Ltd.) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (PriceGongbar Toolbar) - {0c5f997d-f664-4afb-9652-ea7fd92f383d} - C:\Program Files\PriceGongbar\prxtbPric.dll (Conduit Ltd.) O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.) O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.5.2\PriceGongIE.dll (PriceGong) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (HotSpot International Toolbar) - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files\HotSpot_International\tbHotS.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (PriceGongbar Toolbar) - {0c5f997d-f664-4afb-9652-ea7fd92f383d} - C:\Program Files\PriceGongbar\prxtbPric.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\..\Toolbar\WebBrowser: (HotSpot International Toolbar) - {0002EE26-8C11-49EB-9CDF-56EEFFEF664F} - C:\Program Files\HotSpot_International\tbHotS.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe () O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.) O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1959831703-652381354-3546698765-1000..\Run: [Facebook Update] C:\Users\Neil\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-1959831703-652381354-3546698765-1000..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found O4 - Startup: C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Neil\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson London Advent Calendar.lnk = File not found O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM () O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM () O8 - Extra context menu item: Scan link by Dr.Web - http://www.drweb.com/online/drweb-online-en.html File not found O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN File not found O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\..Trusted Domains: kaupthingedge.com ([www] https in Trusted sites) O15 - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\..Trusted Domains: naxfun.com ([www] http in Trusted sites) O15 - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\..Trusted Domains: powervps.com ([www] https in Trusted sites) O15 - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\..Trusted Domains: sourceforge.net ([]https in Trusted sites) O15 - HKU\S-1-5-21-1959831703-652381354-3546698765-1000\..Trusted Ranges: Range1 ([https] in Trusted sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab (DjVuCtl Class) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/53.13/uploader2.cab (UploadListView Class) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208181957240 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} http://www.cig.canon-europe.com/ph/en_GB/st/download/ddup/CNIMGUP_01_210102E.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.88,85.255.112.236 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D144A5AB-B7CD-428D-8DEA-19F4365A6721}: DhcpNameServer = 194.168.4.100 194.168.8.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E887BCB6-F520-44A6-AB88-5EFA89111F02}: NameServer = 10.20.8.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - C:\Windows\Downloaded Program Files\mimectl.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/04/04 10:05:35 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{C3DBF472-3083-4935-B6D4-D55FF3690F89} [2012/04/03 15:02:13 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{79405E1D-5754-4809-8AAE-7638284291C3} [2012/04/03 15:01:54 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{C7EF891E-CEA3-4B41-BD53-BD27278C651D} [2012/04/03 09:53:35 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Roaming\Malwarebytes [2012/04/03 09:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/04/03 09:53:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/04/03 09:53:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/04/03 09:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/04/03 09:17:38 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{74C19F61-3906-4E1A-B184-AC01A776C585} [2012/04/03 09:16:17 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{4F6B4AD6-D997-4455-B2A3-301DC1EAEBEF} [2012/04/02 20:07:23 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{073721D9-05EC-46DC-B9DA-1885ABF9325A} [2012/04/02 20:07:12 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{DCC71245-3584-4089-A4A1-AB54FF352B97} [2012/04/02 18:01:36 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{BF42B1FF-A583-42FE-8A5A-AD237291BCA1} [2012/04/02 18:00:13 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{90E4EC8E-F818-4933-A671-53A66495F4FA} [2012/04/02 09:12:53 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{F44A7FBA-C65C-40AF-BF85-84C8FDAFDF7C} [2012/04/02 09:12:27 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{202EC04A-9B86-40E0-952D-E637D1037DC0} [2012/04/01 11:18:33 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{786800B1-D985-443B-8B5C-9EB15F57B2FD} [2012/04/01 11:16:18 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{7712331D-75BB-489F-8213-EA8E9B623E93} [2012/03/30 09:02:37 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{CCFD171C-C95E-44AA-8D01-1E372E94D22A} [2012/03/29 14:58:44 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/03/29 08:42:18 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{50685CF7-5B87-40D1-BEF0-4DDA9FB9D403} [2012/03/28 09:23:48 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{E03C64E4-9CF8-4CD5-ACAB-BF162B7ED870} [2012/03/28 09:22:57 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{CBE5896A-64D4-452D-A956-E0FF043F0E27} [2012/03/27 21:17:16 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{F2B6D08B-6E8F-410B-A113-8ED77E46F8DF} [2012/03/27 21:17:03 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{F9BE41CA-0C70-4E8E-8799-09C2BE5B37E3} [2012/03/27 09:16:05 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{95855272-8930-4C4E-9655-E8BF8FD3A134} [2012/03/27 09:15:11 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{6942420E-BA0A-414D-A233-7DA221AC184B} [2012/03/26 08:47:38 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{5901D338-EE11-415B-8FF1-EDA0B6806898} [2012/03/26 08:47:01 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{3EE3BC67-C325-44BB-BA89-B6EDF0066B41} [2012/03/25 13:02:43 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{D5302D84-64E7-4F2A-9FE4-874503CC16DB} [2012/03/25 13:02:14 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{2275919E-B20A-4FB4-8B32-3D085006B7FA} [2012/03/24 09:16:04 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{298637D0-7277-4ADB-BB3A-636759D5E254} [2012/03/24 09:15:01 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{AA4995B1-4EA7-4ADB-B4CF-0B314166999D} [2012/03/23 16:44:30 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{6F00148C-BC41-4878-A418-44B334461B5D} [2012/03/23 16:43:09 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{4351B518-6DD2-440D-92E3-AD0CEBE42D6F} [2012/03/22 09:03:14 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{652C5682-4AC3-41D7-AD5E-53A810931391} [2012/03/22 09:02:19 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{DF4810DE-A508-4193-9AB6-BB03CC251319} [2012/03/21 08:33:15 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{6CCB6653-FD19-49A4-A142-8B322FA068A1} [2012/03/21 08:32:49 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{0C9985C7-4205-4EE7-81ED-5CFE4CDB71AF} [2012/03/20 10:15:36 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{A2968949-7011-4A95-BDB4-035983F3941E} [2012/03/20 10:14:48 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{327C4896-DF45-425F-A3D1-37D8DD7414B5} [2012/03/19 09:37:01 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{BF9481E8-92B6-4C95-9D0C-D9E60B1B220A} [2012/03/19 09:36:12 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{BCDA1092-CD09-4F69-A4F4-437D48A62D8F} [2012/03/18 11:24:29 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{E824F225-70BE-4487-8CE3-63B51CD3661C} [2012/03/18 11:23:38 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{3DB06F78-E836-4133-B32D-257B0D8EDF82} [2012/03/17 11:45:34 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{EFA6EC9E-3403-456C-920D-EA01159D3BFC} [2012/03/17 11:45:00 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{1455F82D-01A2-44D2-BF4A-683866A6CB94} [2012/03/16 17:16:39 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/03/16 16:43:43 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll [2012/03/16 16:39:17 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012/03/16 16:39:15 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012/03/16 16:39:15 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012/03/16 16:39:13 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012/03/16 16:39:12 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012/03/16 15:43:09 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{5DAE9C0F-0EB8-4452-8E6D-67B3489D4A7B} [2012/03/16 15:42:04 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\{93B074F2-A9CC-4AB6-840E-6E746BBEBCB0} [2012/03/11 14:48:50 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Neil\Documents\*.tmp files -> C:\Users\Neil\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/04 12:00:32 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/04 12:00:32 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/04 11:58:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C228C983-DB29-49A0-8CBF-A974A4ED6902}.job [2012/04/04 11:18:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/04 11:13:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/04 10:20:03 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1959831703-652381354-3546698765-1000UA.job [2012/04/04 10:03:15 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/04 10:01:33 | 000,012,978 | ---- | M] () -- C:\Users\Neil\AppData\Roaming\nvModes.dat [2012/04/04 10:01:33 | 000,012,978 | ---- | M] () -- C:\Users\Neil\AppData\Roaming\nvModes.001 [2012/04/04 10:00:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/03 20:23:59 | 000,000,642 | ---- | M] () -- C:\Users\Neil\Documents\regbak.reg [2012/04/03 19:01:28 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/04/03 19:01:28 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/04/03 18:54:07 | 3219,251,200 | -HS- | M] () -- C:\hiberfil.sys [2012/04/03 18:51:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012/04/03 13:20:12 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1959831703-652381354-3546698765-1000Core.job [2012/04/03 09:53:25 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/03 09:23:01 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/03/29 15:13:16 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/03/29 15:13:16 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/03/28 02:17:55 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502010.003\isolate.ini [2012/03/19 15:31:24 | 000,163,840 | ---- | M] () -- C:\Users\Neil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/03/19 10:34:04 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk [2012/03/17 17:50:34 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2012/03/16 18:35:18 | 000,000,934 | ---- | M] () -- C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/03/16 18:19:45 | 001,848,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/03/11 14:48:50 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Neil\Documents\*.tmp files -> C:\Users\Neil\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/03 20:23:59 | 000,000,642 | ---- | C] () -- C:\Users\Neil\Documents\regbak.reg [2012/04/03 09:53:25 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/03/29 14:58:49 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2011/05/19 13:07:37 | 000,001,940 | ---- | C] () -- C:\Users\Neil\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011/04/27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011/04/27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011/04/27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011/04/27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2010/08/07 15:05:22 | 000,001,306 | ---- | C] () -- C:\Users\Neil\AppData\Roaming\wklnhst.dat [2010/08/06 15:59:23 | 000,000,344 | ---- | C] () -- C:\Users\Neil\AppData\Local\RAExpertHistory.xml [2010/05/13 22:51:35 | 000,000,551 | ---- | C] () -- C:\Users\Neil\AppData\Roaming\AutoGK.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:1493A0EF @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report >
  12. Hi, I was recently traffic managed by my internet provider for excessive traffic although I wasn't to my knowledge doing anyhing other than browsing we pages. I have Norton 360 instlled and a full scan found no roblem. I checked my wireless router and security was fine and only my Ip bieng used. I downloaded Malwarebytes and ran it, it found to my amazement a few issues (aabout 5 trojans) that it removed, one item however remains and although there is an option to delete it I'm not sure it is the end ot things. Here is the latest MB log:- Malwarebytes Anti-Malware (Trial) 1.60.1.1000 www.malwarebytes.org Database version: v2012.04.03.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Neil :: TOSH [administrator] Protection: Enabled 04/04/2012 10:46:39 mbam-log-2012-04-04 (10-57-24).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 222294 Time elapsed: 10 minute(s), 19 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) I looken in the registry and see that this calss is associated with iexplore, I checked the add-ons in Iexplorer 9 and couldn't see this item. My Iexplorer, Firepox and Window Live Mail client are giving my quite a number of "not responding" messages. Do you think I am still infected? Can I remove this PUP.MyWebSearch key? should I run the dds program and repost back here? Thanks
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.