
Screen freezes



#1
Kokuson

Hi,

I face a problem of a frozen screen when I start working, especially when Windows Defender starts its periodic scanning and when I insert a USB which I was sure had lots of viruses. I have avast as an antivirus. I used to have McAfee but I uninstalled it using the instructions provided on this website. I tried to do an online Panda scan and a safe avast scan, but the screen also became frozen.
It also got frozen after the Malwarebytes scanning was finished (one malware was detected).
RootRepeal log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/31 08:12
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x8F40A000 Size: 819200 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xB4335000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1268 Status: Locked to the Windows API!

==EOF==


OTL log:

OTL logfile created on: 31/08/2009 08:24:46 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Toshiba\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.58% Memory free
4.00 Gb Paging File | 3.09 Gb Available in Paging File | 77.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117.54 Gb Total Space | 74.30 Gb Free Space | 63.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 113.88 Gb Total Space | 105.77 Gb Free Space | 92.88% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-PC
Current User Name: Toshiba
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/06/20 04:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2009/08/17 18:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/17 19:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/10/29 09:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/01/25 11:00:32 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2008/01/25 11:00:14 | 00,154,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/01/25 11:00:24 | 00,129,560 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/01/09 17:02:08 | 01,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/09/28 19:03:46 | 00,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007/07/10 12:24:10 | 00,581,632 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
PRC - [2007/11/29 19:58:52 | 01,029,416 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/10/25 19:41:18 | 00,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008/01/25 11:00:28 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/01/17 18:27:52 | 00,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/01/25 13:22:14 | 00,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/01/22 16:25:26 | 00,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/11/12 14:21:53 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/08/17 19:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2007/12/29 12:06:02 | 00,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2009/03/20 14:32:32 | 01,312,256 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2008/01/21 05:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/25 13:24:08 | 02,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006/12/09 19:04:10 | 00,117,568 | ---- | M] (Microsoft ® Corporation) -- C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
PRC - [2009/01/28 22:52:42 | 10,950,144 | ---- | M] (AVM Software Inc.) -- C:\Program Files\Paltalk Messenger\paltalk.exe
PRC - [2007/09/09 06:51:40 | 00,488,728 | ---- | M] (Dassault Systemes) -- C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
PRC - [2008/01/22 13:00:30 | 04,624,384 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/01/21 05:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2007/10/29 17:30:14 | 00,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007/10/04 21:39:42 | 00,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2008/01/22 23:13:08 | 00,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
PRC - [2007/12/25 16:07:14 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/12/09 19:04:10 | 00,128,832 | ---- | M] (Microsoft ® Corporation) -- C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
PRC - [2007/02/12 18:43:44 | 00,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006/05/10 22:57:28 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2008/01/21 18:54:46 | 00,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/11/21 20:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2008/01/17 18:27:34 | 00,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/09/28 19:05:16 | 00,128,360 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/12/03 19:03:52 | 00,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2006/08/23 19:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2009/08/21 15:18:59 | 00,126,976 | ---- | M] () -- C:\Windows\System32\UAService7.exe
PRC - [2007/10/18 00:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe
PRC - [2009/08/17 19:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 19:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2007/12/25 16:06:52 | 00,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2009/03/04 11:25:12 | 00,621,056 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/03/09 13:44:12 | 00,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008/11/26 12:35:00 | 00,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/11/26 12:35:40 | 00,137,728 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
PRC - [2007/11/29 19:59:00 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/01/21 05:25:32 | 00,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
PRC - [2008/01/21 05:23:32 | 00,319,544 | ---- | M] (Microsoft Corporation) -- c:\program files\windows defender\MpCmdRun.exe
PRC - [2008/12/31 17:04:48 | 00,942,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WgaTray.exe
PRC - [2009/03/03 05:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/08/31 06:06:12 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/08/17 18:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/08/17 19:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/08/17 19:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/08/17 19:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/07/27 21:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/12/25 16:07:14 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service [Auto | Running])
SRV - [2008/01/21 05:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 15:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 15:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/01/21 05:23:49 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/06/20 04:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [Auto | Running])
SRV - [2006/12/09 19:04:10 | 00,128,832 | ---- | M] (Microsoft ® Corporation) -- C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe -- (FwcAgent [Auto | Running])
SRV - [2008/02/15 17:35:36 | 01,836,544 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager [On_Demand | Stopped])
SRV - [2008/02/15 17:33:58 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2005/04/04 03:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/20 04:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/03/14 19:19:10 | 00,779,824 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2008/06/20 04:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/03/12 13:49:46 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2007/02/12 18:43:44 | 00,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/05/10 22:57:28 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2009/03/04 11:25:12 | 00,621,056 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2008/10/22 18:27:17 | 00,079,360 | ---- | M] (SolidWorks) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service [On_Demand | Stopped])
SRV - [2008/01/21 18:54:46 | 00,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv [Auto | Running])
SRV - [2007/11/21 20:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv [Auto | Running])
SRV - [2008/01/17 18:27:34 | 00,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv [Auto | Running])
SRV - [2007/09/28 19:05:16 | 00,128,360 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service [Auto | Running])
SRV - [2007/12/03 19:03:52 | 00,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service [Auto | Running])
SRV - [2006/08/23 19:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - [2009/08/21 15:18:59 | 00,126,976 | ---- | M] () -- C:\Windows\System32\UAService7.exe -- (UserAccess7 [Auto | Running])
SRV - [2008/01/21 05:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/21 05:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2007/10/18 00:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ebaa.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = stuproxy.kfupm.edu.sa:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "4shared Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.balagh.com/"
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
FF - prefs.js..network.proxy.backup.ftp: "stuproxy.kfupm.edu.sa"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "stuproxy.kfupm.edu.sa"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "stuproxy.kfupm.edu.sa"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "stuproxy.kfupm.edu.sa"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.failover_timeout: 5
FF - prefs.js..network.proxy.ftp: "stuproxy.kfupm.edu.sa"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "stuproxy.kfupm.edu.sa"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "stuproxy.kfupm.edu.sa"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "*.kfupm.edu.sa,10.*"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "stuproxy.kfupm.edu.sa"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.socks_version: 0
FF - prefs.js..network.proxy.ssl: "stuproxy.kfupm.edu.sa"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/18 18:15:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/03/11 22:16:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/04/21 17:48:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/17 17:39:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/27 10:40:37 | 00,000,000 | ---D | M]

[2008/11/01 19:46:59 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\mozilla\Extensions
[2008/11/01 19:46:59 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/27 09:57:29 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\mozilla\Firefox\Profiles\z62y2zh9.default\extensions
[2009/05/28 10:19:17 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\mozilla\Firefox\Profiles\z62y2zh9.default\extensions\addon@freedur.com
[2009/04/30 13:09:42 | 00,000,897 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\Mozilla\FireFox\Profiles\z62y2zh9.default\searchplugins\conduit.xml
[2009/08/26 15:50:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/17 17:39:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/26 15:50:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/03/18 18:14:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/07/09 11:42:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/17 17:38:23 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/17 17:38:23 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/11/04 10:15:38 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/09/04 03:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/17 17:38:43 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/02/21 08:24:52 | 00,660,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/11/12 14:21:46 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/11/12 14:21:46 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/11/12 14:21:47 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/11/12 14:21:47 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/11/12 14:21:47 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/11/12 14:21:47 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/11/12 14:21:47 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/08/17 17:38:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/08/17 17:38:50 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/03 10:03:57 | 00,002,194 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2009/08/17 17:38:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/08/17 17:38:50 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/17 17:38:50 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/08/17 17:38:50 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/17 17:38:50 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/17 17:38:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (XBTP09109 Class) - {48140109-A8D2-4574-95FC-08940903F153} - C:\PROGRA~1\COMMON~1\System\xp\tbuEBD6\xp.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll ()
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (xp) - {8E755F64-040B-4A43-8481-A3BEF4987F07} - C:\Program Files\Common Files\System\xp\tbuEBD6\xp.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2367DE4F-065D-4638-8C41-4682D7969BAD} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (xp) - {8E755F64-040B-4A43-8481-A3BEF4987F07} - C:\Program Files\Common Files\System\xp\tbuEBD6\xp.dll File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CMS_Freedur] C:\Users\Toshiba\AppData\Roaming\Freedur\freedur.exe File not found
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Toshiba\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe File not found
O4 - Startup: C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe (Dassault Systemes)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: الدليل السريع - C:\Windows\ww80.html ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} - File not found
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (AVM Software Inc.)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kfupm.edu.sa ([webcourses] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.140.1.160 10.140.3.165
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 00:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{350e6059-067b-11de-bab1-001e68422259}\Shell\AutoRun\command - "" = G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe -- File not found
O33 - MountPoints2\{350e6059-067b-11de-bab1-001e68422259}\Shell\open\command - "" = G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe -- File not found
O33 - MountPoints2\{3e3d1b24-a89b-11dd-b082-001e68422259}\Shell\AutoRun\command - "" = System\DriveGuard\DriveProtect.exe -run 
O33 - MountPoints2\{3e3d1b24-a89b-11dd-b082-001e68422259}\Shell\Explore\Command - "" = System\DriveGuard\DriveProtect.exe -run  
O33 - MountPoints2\{3e3d1b24-a89b-11dd-b082-001e68422259}\Shell\Open\Command - "" = System\DriveGuard\DriveProtect.exe -run 
O33 - MountPoints2\{b7ff779e-5914-11de-8e33-001e68422259}\Shell\AutoRun\command - "" = D:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe -- File not found
O33 - MountPoints2\{b7ff779e-5914-11de-8e33-001e68422259}\Shell\open\command - "" = D:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe -- File not found
O33 - MountPoints2\{b7ff77ae-5914-11de-8e33-001e68422259}\Shell\AutoRun\command - "" = D:\lad.bat -- File not found
O33 - MountPoints2\{b7ff77ae-5914-11de-8e33-001e68422259}\Shell\open\Command - "" = D:\lad.bat -- File not found
O33 - MountPoints2\{f48a3e9b-d49f-11dd-b15c-001e68422259}\Shell\AutoRun\command - "" = 2w.cmd
O33 - MountPoints2\{f48a3e9b-d49f-11dd-b15c-001e68422259}\Shell\explore\Command - "" = 2w.cmd
O33 - MountPoints2\{f48a3e9b-d49f-11dd-b15c-001e68422259}\Shell\open\Command - "" = 2w.cmd
O33 - MountPoints2\G\Shell\AutoRun\command - "" = zPharaoh.exe
O33 - MountPoints2\G\Shell\explore\command - "" = zPharaoh.exe
O33 - MountPoints2\G\Shell\open\command - "" = zPharaoh.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/08/31 08:21:37 | 00,027,648 | ---- | C] () -- C:\Users\Toshiba\Desktop\Hi.doc
[2009/08/31 08:06:41 | 00,000,000 | ---- | C] () -- C:\Users\Toshiba\Desktop\settings.dat
[2009/08/31 06:09:35 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/08/31 06:08:52 | 00,000,918 | ---- | C] () -- C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/31 06:08:46 | 00,000,719 | ---- | C] () -- C:\Users\Toshiba\Desktop\ERUNT.lnk
[2009/08/31 06:08:44 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/31 06:06:11 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe
[2009/08/31 06:04:54 | 00,472,064 | ---- | C] ( ) -- C:\Users\Toshiba\Desktop\RootRepeal.exe
[2009/08/31 05:57:49 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Toshiba\Desktop\erunt_setup.exe
[2009/08/31 05:57:05 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Users\Toshiba\Desktop\SysRestorePoint.exe
[2009/08/31 05:17:36 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\TFC.exe
[2009/08/30 22:05:06 | 21,374,48448 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/29 18:16:42 | 00,171,018 | ---- | C] () -- C:\Users\Toshiba\Desktop\dmam9.tiff
[2009/08/28 13:32:27 | 00,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\Artwroks - Copy
[2009/08/27 12:40:49 | 00,000,426 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{3765DE8A-9B5C-4F74-AAE3-717BFA91FDB6}.job
[2009/08/27 12:26:34 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/08/26 15:52:52 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/26 15:52:48 | 00,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\skypePM
[2009/08/26 15:50:38 | 00,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Skype
[2009/08/26 15:49:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/08/26 15:49:13 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/08/26 15:48:51 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/08/26 08:24:23 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2009/08/21 15:19:15 | 00,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2009/08/21 15:19:15 | 00,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2009/08/21 15:18:59 | 00,126,976 | ---- | C] () -- C:\Windows\System32\UAService7.exe
[2009/08/21 15:18:59 | 00,090,112 | ---- | C] () -- C:\Windows\System32\CmdLineExt.dll
[2009/08/21 14:53:20 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/08/21 14:53:20 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/08/21 14:53:20 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/08/21 14:53:19 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/08/21 14:53:19 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/08/21 14:52:54 | 01,279,456 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/08/21 14:52:54 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2009/08/21 14:52:54 | 00,053,328 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/08/21 14:52:52 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/08/19 14:38:10 | 00,000,800 | ---- | C] () -- C:\Windows\System32\PCProxy.ini
[2009/08/19 14:37:46 | 00,000,000 | ---D | C] -- C:\Program Files\Anonymous Web Surfing
[2009/08/19 14:24:25 | 00,000,000 | ---D | C] -- C:\Program Files\HYDEme Client

========== Files - Modified Within 14 Days ==========

[2009/08/31 08:27:00 | 00,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3765DE8A-9B5C-4F74-AAE3-717BFA91FDB6}.job
[2009/08/31 08:21:38 | 00,027,648 | ---- | M] () -- C:\Users\Toshiba\Desktop\Hi.doc
[2009/08/31 08:06:41 | 00,000,000 | ---- | M] () -- C:\Users\Toshiba\Desktop\settings.dat
[2009/08/31 08:02:52 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/31 08:02:52 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/31 08:02:52 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/31 07:55:25 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/31 07:55:24 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/31 07:55:18 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/31 07:54:58 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/31 07:54:23 | 21,374,48448 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/31 06:32:01 | 00,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1243907514-1255427479-349122612-1000UA.job
[2009/08/31 06:08:52 | 00,000,918 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/31 06:08:46 | 00,000,719 | ---- | M] () -- C:\Users\Toshiba\Desktop\ERUNT.lnk
[2009/08/31 06:06:12 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe
[2009/08/31 06:04:54 | 00,472,064 | ---- | M] ( ) -- C:\Users\Toshiba\Desktop\RootRepeal.exe
[2009/08/31 05:58:01 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Toshiba\Desktop\erunt_setup.exe
[2009/08/31 05:57:08 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Users\Toshiba\Desktop\SysRestorePoint.exe
[2009/08/31 05:17:39 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\TFC.exe
[2009/08/30 22:05:03 | 15,305,0379 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/08/30 15:32:00 | 00,000,826 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1243907514-1255427479-349122612-1000Core.job
[2009/08/29 18:16:45 | 00,171,018 | ---- | M] () -- C:\Users\Toshiba\Desktop\dmam9.tiff
[2009/08/27 12:31:19 | 02,126,950 | -H-- | M] () -- C:\Users\Toshiba\AppData\Local\IconCache.db
[2009/08/27 08:21:48 | 00,447,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/08/26 15:52:52 | 00,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2009/08/24 15:21:31 | 00,141,072 | ---- | M] () -- C:\Users\Toshiba\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/08/21 15:19:15 | 00,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2009/08/21 15:19:15 | 00,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2009/08/21 15:18:59 | 00,126,976 | ---- | M] () -- C:\Windows\System32\UAService7.exe
[2009/08/21 15:18:59 | 00,090,112 | ---- | M] () -- C:\Windows\System32\CmdLineExt.dll
[2009/08/21 14:53:19 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/08/19 14:44:23 | 00,000,800 | ---- | M] () -- C:\Windows\System32\PCProxy.ini
[2009/08/17 19:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/08/17 19:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/08/17 19:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/08/17 19:05:24 | 00,053,328 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/08/17 19:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/08/17 19:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/08/17 19:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr

========== LOP Check ==========

[2009/08/26 15:52:48 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming
[2009/07/13 18:14:19 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Ahead
[2009/02/07 06:20:37 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Babylon
[2009/02/17 22:55:07 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Cool Record Edit Deluxe
[2009/08/20 07:02:04 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\COWON
[2008/10/23 10:33:42 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\CyberPower Audio Editing Lab
[2009/03/20 06:19:29 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\DMCache
[2009/07/16 23:38:11 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\DNA
[2008/10/19 19:07:39 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\DWGeditor
[2009/08/31 06:40:08 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Free Download Manager
[2009/07/22 20:08:20 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Freedur
[2008/10/22 21:01:23 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\GrabPro
[2008/10/22 18:18:30 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\IM
[2008/11/12 14:24:23 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\ldoce4
[2006/11/02 15:37:34 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Media Center Programs
[2009/02/19 10:32:44 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\NCH Swift Sound
[2009/04/22 12:31:01 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Nokia
[2008/10/22 21:27:32 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Orbit
[2009/02/21 23:37:43 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Paltalk
[2009/04/29 08:20:16 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\PC Suite
[2009/02/19 10:32:42 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Recordpad
[2008/11/12 14:23:57 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\SecuROM
[2008/10/19 19:17:12 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\sldIM
[2009/08/30 05:01:59 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\SolidWorks
[2008/10/22 18:36:52 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\SolidWorks 2008
[2009/04/24 08:37:55 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Thinstall
[2009/07/13 10:54:42 | 00,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Toshiba
[2009/08/30 15:32:00 | 00,000,826 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1243907514-1255427479-349122612-1000Core.job
[2009/08/31 06:32:01 | 00,000,878 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1243907514-1255427479-349122612-1000UA.job
[2009/08/31 07:55:18 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/08/31 05:49:06 | 00,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/18 18:14:03 | 00,000,398 | ---- | M] () -- C:\Windows\Tasks\Schedule Task Weekly.job
[2009/08/31 08:27:00 | 00,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3765DE8A-9B5C-4F74-AAE3-717BFA91FDB6}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >

< %systemroot%\system32\scecli.dll >
[2008/01/21 05:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >
[2006/11/02 12:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngaudit.dll

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
< End of report >

*Extra:

OTL Extras logfile created on: 31/08/2009 08:24:46 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Toshiba\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.58% Memory free
4.00 Gb Paging File | 3.09 Gb Available in Paging File | 77.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117.54 Gb Total Space | 74.30 Gb Free Space | 63.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 113.88 Gb Total Space | 105.77 Gb Free Space | 92.88% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-PC
Current User Name: Toshiba
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1243907514-1255427479-349122612-1000]
"EnableNotificationsRef" = 4
"EnableNotifications" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A6BC9D-73F1-4059-AB75-9EE1AEC4D809}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{0468397E-42F3-475A-B2DF-FC80589E151F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{189CF67E-5360-4666-86CF-A5BAAAAD6FE5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{280FDCBC-009E-4D5E-91B6-C7EFAD3890FF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4FD64BFC-9936-4E77-AB5E-E5435D249879}" = lport=138 | protocol=17 | dir=in | app=system |
"{70CC889A-DE7F-4CB6-B926-743633DF64FD}" = rport=445 | protocol=6 | dir=out | app=system |
"{7708FC45-7318-4137-B5C9-5C1774E1D95B}" = lport=139 | protocol=6 | dir=in | app=system |
"{8D654300-B989-4321-976F-9449D65AD6CA}" = rport=139 | protocol=6 | dir=out | app=system |
"{9656A947-FA60-447B-8ACA-408433FABA68}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A8E8D8F4-23C2-4FE8-9E43-67AAAAE02239}" = rport=137 | protocol=17 | dir=out | app=system |
"{BB922734-E831-4731-ABF3-597FAFAB9C23}" = lport=137 | protocol=17 | dir=in | app=system |
"{EB0F0387-BBB7-4E23-86E2-499E622D7BAD}" = rport=138 | protocol=17 | dir=out | app=system |
"{F3BFB7D1-7CA7-41C1-8EF5-7ABD9A190407}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03ABD6EC-EF80-433B-B443-0E5820CDF905}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{151D2011-8949-4171-AD84-E3F1A8D60330}" = protocol=17 | dir=in | app=c:\program files\solidworks\solidworks explorer\solidworksexplorer.exe |
"{208333CA-E23D-4259-83A3-5907959CA78A}" = protocol=6 | dir=in | app=c:\program files\hide the ip 2009\hidetheip.exe |
"{3255BF8E-5956-447A-B5FF-26FF0E7387D2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{4047919B-F25D-47BB-A3BC-1F8A132E3F15}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5E1B84C3-30FB-4352-AE17-1AF32A1BA81E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{6489C78C-EB81-430B-8695-42D968FC6F10}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{713616F7-524A-44BF-BFA0-B3F339EA8A59}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{85E596E6-B91A-43C5-8AC4-2C139DC380DF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8E444FD4-4EA4-4C74-8D93-FB73491BABD3}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{AD624389-6046-4F6E-88D1-51298A4E7D2B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B95BC185-8B1D-4C19-AF6D-60D2545D6803}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C1D5A23C-DFF8-42F6-9668-76C1099468E9}" = protocol=17 | dir=in | app=c:\program files\hide the ip 2009\hidetheip.exe |
"{C22E3D07-FFBA-4F86-AAC2-F056CE609BDD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C4A5EA9E-1D26-465F-800C-307F2A7AC0A9}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{CCEC183A-1C35-40EA-9491-111E159FA2D4}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D78C78C9-78E8-44B9-9096-84142D1281D1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E5FD7CEF-947D-452B-BBB0-B429170B3AD9}" = protocol=6 | dir=in | app=c:\program files\solidworks\solidworks explorer\solidworksexplorer.exe |
"{EAC31BE2-F343-4D3A-9B21-7623A0B28688}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{ED4F223A-2098-401B-870B-4DB2F0C48CD4}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{F63F1FD0-9A87-4A56-BF10-F854A5E8DB6A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{1505F901-A66F-4690-B421-16226B7EC407}C:\users\toshiba\appdata\local\temp\rarsfx0\paltalk.exe" = protocol=6 | dir=in | app=c:\users\toshiba\appdata\local\temp\rarsfx0\paltalk.exe |
"TCP Query User{20D90D55-E17D-48C7-89D4-3B83CE2B8983}C:\program files\icuii\icuii.exe" = protocol=6 | dir=in | app=c:\program files\icuii\icuii.exe |
"TCP Query User{4127A877-1FD0-462D-B908-D924D3983A1C}C:\program files\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"TCP Query User{4262600C-2A97-4583-B48E-99207D24C059}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{4C01A552-46DB-4F20-A9AB-0EDE727FF0E9}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{6A6B8ACA-F049-413D-8002-4CACB83E1A93}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A0C62774-7049-4F07-AB8F-5CF419F3BE8A}C:\users\toshiba\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\toshiba\program files\dna\btdna.exe |
"TCP Query User{B8AF0EAD-B4FE-497A-A99E-1BEFF3DA12F5}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{DF2DDA21-71E0-4048-87DF-BB42F976E4A5}C:\users\toshiba\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\toshiba\program files\dna\btdna.exe |
"TCP Query User{E2E275D6-0993-49DC-AFA3-93BB72C40E45}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{E8B85F8F-E517-4B4F-B7D7-2094EB356DB5}C:\program files\nx client for windows\nxclient.exe" = protocol=6 | dir=in | app=c:\program files\nx client for windows\nxclient.exe |
"TCP Query User{EA77BEBD-6F7C-4918-B990-4D66D3DC93F1}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{EEA49514-995D-46C4-9D2F-71AFDACD5D9A}C:\program files\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"UDP Query User{0DACA0DA-5BED-4E37-9CB1-A214FAC4CBF8}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{2AAE370B-4CDA-4794-8539-CCD0FAD5BF18}C:\program files\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"UDP Query User{5B31C048-18F1-4775-8982-653B7E606719}C:\users\toshiba\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\toshiba\program files\dna\btdna.exe |
"UDP Query User{63CD885C-858B-4117-939A-D4D93B85F706}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{762B6D65-BECC-4D24-83B8-AF285A34621A}C:\program files\icuii\icuii.exe" = protocol=17 | dir=in | app=c:\program files\icuii\icuii.exe |
"UDP Query User{7FC851A4-2884-480D-8E61-12242ED85E73}C:\program files\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"UDP Query User{9D77316A-3602-4AA0-84BA-F9D2F724E8D2}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{A3E081DB-27B3-4DCD-8B30-4815BD517990}C:\users\toshiba\appdata\local\temp\rarsfx0\paltalk.exe" = protocol=17 | dir=in | app=c:\users\toshiba\appdata\local\temp\rarsfx0\paltalk.exe |
"UDP Query User{AACFC707-1A28-43F0-96CF-BFC589283EF8}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{AAE87C3C-4DDC-41B2-8752-A7392582EA6F}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{CD08AB3A-69AF-45DE-BBED-3158DFAD61FA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{DAE55452-7EC3-4B82-AC01-BA484868BC5C}C:\program files\nx client for windows\nxclient.exe" = protocol=17 | dir=in | app=c:\program files\nx client for windows\nxclient.exe |
"UDP Query User{FABAB010-09D8-4D77-B4A0-83144CB00AEE}C:\users\toshiba\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\toshiba\program files\dna\btdna.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AC416C3-A600-4A98-B5E1-A629498241DB}" = Adobe Illustrator 10 Tryout
"{0F4F4815-76AD-4B26-8763-72F3344041C2}" = TOSHIBA Manuals
"{0FFC026D-9906-441B-9EDA-5C0668927407}" = SolidWorks 2008 SP0
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{199B7F78-69B7-47C5-8D4B-A3ED1391FB6B}" = Microsoft Firewall Client
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 14
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{372B31CF-77FB-4E29-860C-A0EA2985AB7F}" = O2Micro Flash Memory Card Reader Driver (x86)
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
"{43FFE159-3199-4188-A1CD-629166AD1033}" = Nero 7 Ultra Edition
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{593AFFA4-D08E-4272-BABB-420949D32A10}" = QUICKfind
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0401-0000-0000000FF1CE}" = Microsoft Office Access MUI (Arabic) 2007
"{90120000-0015-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0401-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Arabic) 2007
"{90120000-0016-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0017-0401-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Arabic) 2007
"{90120000-0017-0401-0000-0000000FF1CE}_OMUI.ar-sa_{14635BAD-0CD2-4FD4-AC29-66AA72E0ABF9}" = Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
"{90120000-0018-0401-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Arabic) 2007
"{90120000-0018-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0401-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Arabic) 2007
"{90120000-0019-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0401-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Arabic) 2007
"{90120000-001A-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0401-0000-0000000FF1CE}" = Microsoft Office Word MUI (Arabic) 2007
"{90120000-001B-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_OMUI.ar-sa_{5A2F65A4-808F-4A1E-973E-92E17824982D}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.ar-sa_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.ar-sa_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-002C-0401-0000-0000000FF1CE}" = Microsoft Office Proofing (Arabic) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0401-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Arabic) 2007
"{90120000-0044-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0401-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Arabic) 2007
"{90120000-006E-0401-0000-0000000FF1CE}_OMUI.ar-sa_{2BF4A888-AB1A-4569-A7A3-B38F9C7CF7BF}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}_OMUI.ar-sa_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0401-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Arabic) 2007
"{90120000-00A1-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}_OMUI.ar-sa_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0100-0401-0000-0000000FF1CE}" = Microsoft Office O MUI (Arabic) 2007
"{90120000-0100-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0101-0401-0000-0000000FF1CE}" = Microsoft Office X MUI (Arabic) 2007
"{90120000-0101-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0401-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (Arabic) 2007
"{90120000-0114-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"avast!" = avast! Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"CyberPower Audio Editing Lab_is1" = CyberPower Audio Editing Lab 13.3.1
"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Windows Driver Package - Nokia Modem (02/24/2009 4.0)
"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ExpressBurn" = Express Burn
"FLV Player" = FLV Player 2.0, build 23
"Free Download Manager_is1" = Free Download Manager 3.0
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.7.5 Full
"ldoce4v2" = LONGMAN Dictionary of Contemporary English
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"mpegable Player" = mpegable Player
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"My Journal_is1" = My Journal 1.0
"myphotobook" = myphotobook 3.5
"Nokia PC Suite" = Nokia PC Suite
"OMUI.ar-sa" = Microsoft Office Language Pack 2007 - Arabic العربية
"PalTalk8.2" = PaltalkScene
"Picasa2" = Picasa 2
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"Recordpad" = Recordpad
"ST6UNST #1" = Golden Al-Wafi Translator
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WavePad" = WavePad Sound Editor
"WebDesigner" = Microsoft Expression Web Trial
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XP Codec Pack" = XP Codec Pack
"المورد القريب" = المورد القريب

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 21/08/2009 08:07:30 | Computer Name = Toshiba-PC | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 21/08/2009 08:07:38 | Computer Name = Toshiba-PC | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 21/08/2009 08:08:26 | Computer Name = Toshiba-PC | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 21/08/2009 08:08:26 | Computer Name = Toshiba-PC | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 21/08/2009 08:08:29 | Computer Name = Toshiba-PC | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 21/08/2009 08:13:39 | Computer Name = Toshiba-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.

Error - 30/08/2009 09:09:47 | Computer Name = Toshiba-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Toshiba\AppData\Roaming\Microsoft\Office\Recent\English 214.LNK failed,
00000026.

Error - 30/08/2009 14:39:20 | Computer Name = Toshiba-PC | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 30/08/2009 14:39:20 | Computer Name = Toshiba-PC | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 30/08/2009 14:39:30 | Computer Name = Toshiba-PC | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Malwarebytes log:
Malwarebytes' Anti-Malware 1.40
Database version: 2720
Windows 6.0.6001 Service Pack 1

31/08/2009 08:39:06
mbam-log-2009-08-31 (08-39-06).txt

Scan type: Quick Scan
Objects scanned: 92092
Time elapsed: 6 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Regards

Edited by Kokuson, 01 September 2009 - 08:05 AM.

