These are very long, sorry ^^;
Here is the MBR Scan log:
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-18 12:12:17
-----------------------------
12:12:17.585 OS Version: Windows 6.0.6002 Service Pack 2
12:12:17.585 Number of processors: 2 586 0xF0D
12:12:17.585 ComputerName: USER-PC UserName: User
12:12:39.232 Initialize success
12:12:40.698 AVAST engine defs: 11101000
12:12:52.805 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:12:52.805 Disk 0 Vendor: TOSHIBA_ LV01 Size: 152627MB BusType: 3
12:12:52.836 Disk 0 MBR read successfully
12:12:52.852 Disk 0 MBR scan
12:12:52.852 Disk 0 Windows VISTA default MBR code
12:12:52.852 Disk 0 scanning sectors +298696704
12:12:52.945 Disk 0 scanning C:\Windows\system32\drivers
12:13:07.704 Service scanning
12:13:10.285 Modules scanning
12:13:25.081 Disk 0 trace - called modules:
12:13:25.112 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys halmacpi.dll iaStor.sys
12:13:25.112 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86678ac8]
12:13:25.112 3 CLASSPNP.SYS[883178b3] -> nt!IofCallDriver -> [0x85545f08]
12:13:25.547 5 acpi.sys[806976bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85546028]
12:13:26.897 AVAST engine scan C:\Windows
12:13:30.974 AVAST engine scan C:\Windows\system32
12:15:12.871 AVAST engine scan C:\Windows\system32\drivers
12:15:23.936 AVAST engine scan C:\Users\User
12:44:17.875 AVAST engine scan C:\ProgramData
12:51:40.794 Scan finished successfully
12:52:43.328 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
12:52:43.421 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
And the OTL log:OTL logfile created on: 18/11/2011 1:14:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\User\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
1.87 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 45.38% Memory free
3.97 Gb Paging File | 2.43 Gb Available in Paging File | 61.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 133.60 Gb Total Space | 38.17 Gb Free Space | 28.57% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2011/11/18 12:53:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2011/10/28 22:33:08 | 003,292,248 | ---- | M] () -- C:\Users\User\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/07/04 03:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 03:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/09/14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/05/20 23:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/20 23:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/01/15 04:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/08/21 23:28:17 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/10 07:14:00 | 000,275,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 14\RMTray.exe
PRC - [2008/12/09 03:08:38 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2008/07/18 19:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/24 17:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/24 12:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/02/06 12:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/12/03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/02/12 00:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
========== Modules (No Company Name) ========== MOD - [2011/10/28 22:33:08 | 003,292,248 | ---- | M] () -- C:\Users\User\AppData\Local\Akamai\netsession_win.exe
MOD - [2011/02/08 15:42:14 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/05/04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
========== Win32 Services (SafeList) ========== SRV - [2011/11/17 16:54:19 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/07/04 03:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/09/14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/21 23:28:17 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/07/18 19:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 17:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/02/06 12:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/29 23:35:40 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2007/02/12 00:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
========== Driver Services (SafeList) ========== DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/17 17:33:36 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20111007.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/08/13 01:54:58 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/08/13 01:54:58 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/04 03:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 03:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 03:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 03:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 03:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/07/04 03:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/07 13:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/12/07 13:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/12/07 13:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010/12/07 13:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010/09/14 04:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/09/14 04:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/09/14 04:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/09/14 04:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/02/03 12:52:26 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/08/21 23:28:17 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/21 23:28:17 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/21 23:28:17 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/21 23:28:17 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/21 23:28:17 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/21 23:28:17 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/08/21 23:28:17 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/21 07:53:33 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/18 11:11:17 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2008/07/18 17:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/06/19 20:37:06 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/04/17 23:54:16 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/14 18:13:14 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/03/03 18:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/12/17 10:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/14 10:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/16 15:36:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/08/31 16:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/04/09 16:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.shoptoshiba.ca/welcomeIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.shoptoshiba.ca/welcomeIE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
http://www.google.com/ieIE - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.comIE - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://ca.msn.com/?l...en-ca&OCID=iehpIE - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 70 9A 69 64 A2 CC 01 [binary data]
IE - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "
http://www.bing.com/...?FORM=IEFM1&q="FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "
http://www.google.ca...en-US:official"FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems:
[email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..keyword.URL: "
http://www.bing.com/...?FORM=IEFM1&q=" FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL: "
http://www.wicso.com...ls=9LRXRl3W&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\User\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\User\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/07 18:40:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/14 07:13:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/10 08:21:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/13 09:02:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/13 09:02:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/07 18:40:55 | 000,000,000 | ---D | M]
[2009/06/09 16:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2009/06/09 15:55:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\
[email protected][2010/09/06 14:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\04hvev54.default\extensions
[2009/09/02 14:17:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\04hvev54.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/06 14:14:58 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\04hvev54.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2009/08/22 18:41:36 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\04hvev54.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/04/16 20:37:17 | 000,000,000 | ---D | M] (Personas) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\04hvev54.default\extensions\
[email protected][2011/10/01 08:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4evzi3oj.Default User\extensions
[2010/05/12 17:29:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4evzi3oj.Default User\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/01 08:10:51 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4evzi3oj.Default User\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/04/12 14:53:53 | 000,000,000 | ---D | M] ("SealWeb Launcher") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4evzi3oj.Default User\extensions\{d2d536a0-b6fc-11d5-9d10-0060b0fbd8ac}
[2011/05/10 12:27:08 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4evzi3oj.Default User\extensions\
[email protected][2011/03/31 14:00:30 | 000,000,000 | ---D | M] (Portalarium Player) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4evzi3oj.Default User\extensions\
[email protected][2009/08/23 07:48:24 | 000,000,682 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\04hvev54.default\searchplugins\ask.xml
[2009/10/03 19:45:44 | 000,002,163 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\04hvev54.default\searchplugins\bing.xml
[2011/03/04 12:30:03 | 000,002,197 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\04hvev54.default\searchplugins\google-search.xml
[2011/11/13 09:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/15 16:20:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/11/13 09:02:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/11/13 09:02:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/11/13 09:02:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/11/13 09:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/11/13 09:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/10/14 07:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
[2011/10/14 07:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
File not found (No name found) -- C:\USERS\USER\PROGRAM FILES\DNA
[2011/09/30 19:44:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/06/19 16:29:47 | 000,024,684 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPMyWebS.dll
[2011/09/30 19:44:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/01/05 11:29:01 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/11/10 08:10:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ========== CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\User\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\User\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Users\User\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_RatchetClank_v2 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3\
CHR - Extension: SiteAdvisor = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\.DEFAULT..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000..\Run: [Akamai NetSession Interface] C:\Users\User\AppData\Local\Akamai\netsession_win.exe ()
O4 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\RMTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-2885195011-3334626357-3620496344-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - ?p=ZCfox000 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59A7973F-7293-470D-84C9-27FB90201A74}: DhcpNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96708076-C1EE-4708-9E68-B5808BF4EE6F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{aa1ef27b-534c-11de-bd41-00238b594df1}\Shell\AutoRun\command - "" = E:\ConnectProSST.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ========== [2011/11/17 17:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/17 17:52:06 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/17 17:50:11 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\Documents\mbam-setup-1.51.2.1300.exe
[2011/11/17 17:34:37 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Documents\Mabinogi
[2011/11/16 18:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/11/16 18:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/11/16 18:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/11/16 18:24:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TeamViewer
[2011/11/12 19:08:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2011/11/12 19:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/12 19:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/03 17:05:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Akamai
[2011/11/01 17:46:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Pokemon Online
[2011/11/01 17:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokemon Online
[6 C:\Users\User\Desktop\Documents\*.tmp files -> C:\Users\User\Desktop\Documents\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2011/11/18 13:09:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2885195011-3334626357-3620496344-1000UA.job
[2011/11/18 12:52:43 | 000,000,512 | ---- | M] () -- C:\Users\User\Desktop\MBR.dat
[2011/11/18 12:46:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/18 12:46:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/18 08:50:01 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RegistryReviver-User-Startup.job
[2011/11/18 08:48:58 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\Registry Reviver-User-Startup.job
[2011/11/18 08:46:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/18 08:46:34 | 2005,782,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/17 19:09:03 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2885195011-3334626357-3620496344-1000Core.job
[2011/11/17 17:52:13 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/17 17:51:28 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\Documents\mbam-setup-1.51.2.1300.exe
[2011/11/17 17:46:17 | 001,545,858 | ---- | M] () -- C:\Users\User\Desktop\Documents\tdsskiller.zip
[2011/11/16 19:36:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/11/16 19:36:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/11/16 19:28:53 | 000,001,806 | ---- | M] () -- C:\Windows\wininit.ini
[2011/11/16 18:55:55 | 000,001,050 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/16 18:55:55 | 000,001,026 | ---- | M] () -- C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
[2011/11/16 18:45:31 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2011/11/16 18:45:01 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2011/11/16 18:44:56 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/11/16 17:39:27 | 000,002,048 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2011/11/16 17:39:27 | 000,002,010 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/13 09:24:19 | 287,663,882 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/13 09:14:18 | 000,609,640 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/13 09:14:18 | 000,108,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/08 09:11:48 | 000,026,624 | ---- | M] () -- C:\Users\User\Desktop\Documents\essay 347.wps
[2011/11/08 09:11:48 | 000,009,158 | ---- | M] () -- C:\Users\User\AppData\Roaming\wklnhst.dat
[2011/11/08 09:06:25 | 000,022,016 | ---- | M] () -- C:\Users\User\Desktop\Documents\essay outline.wps
[2011/11/07 20:18:40 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat
[2011/11/06 18:55:44 | 000,016,665 | ---- | M] () -- C:\Users\User\Desktop\Documents\316823_2453226181065_1564366965_32448873_739236530_n.jpg
[2011/11/03 17:27:43 | 000,118,893 | ---- | M] () -- C:\Users\User\Desktop\Documents\slenderman.png
[2011/11/03 17:18:37 | 000,016,433 | ---- | M] () -- C:\Users\User\Desktop\Documents\2mwrok.jpg
[2011/11/03 17:16:26 | 000,021,181 | ---- | M] () -- C:\Users\User\Desktop\Documents\o6Ycq.jpg
[2011/11/01 18:32:30 | 000,057,684 | ---- | M] () -- C:\Users\User\Desktop\Documents\46646533165365e5.jpg
[2011/11/01 18:29:37 | 000,115,379 | ---- | M] () -- C:\Users\User\Desktop\Documents\heQqu.jpg
[2011/11/01 17:51:24 | 000,000,731 | ---- | M] () -- C:\Users\Public\Desktop\Pokemon Online.lnk
[2011/10/25 07:07:12 | 000,030,208 | ---- | M] () -- C:\Users\User\Desktop\Documents\Women and words Les femme et les motes conference mapping.wps
[6 C:\Users\User\Desktop\Documents\*.tmp files -> C:\Users\User\Desktop\Documents\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ========== [2011/11/18 12:52:43 | 000,000,512 | ---- | C] () -- C:\Users\User\Desktop\MBR.dat
[2011/11/18 08:46:34 | 2005,782,528 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/17 17:52:13 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/17 17:45:11 | 001,545,858 | ---- | C] () -- C:\Users\User\Desktop\Documents\tdsskiller.zip
[2011/11/16 19:36:02 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/11/16 19:36:02 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/11/16 19:28:47 | 000,001,806 | ---- | C] () -- C:\Windows\wininit.ini
[2011/11/16 18:55:55 | 000,001,050 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/16 18:55:55 | 000,001,026 | ---- | C] () -- C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
[2011/11/16 18:45:31 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/11/08 09:06:25 | 000,022,016 | ---- | C] () -- C:\Users\User\Desktop\Documents\essay outline.wps
[2011/11/08 07:23:11 | 000,026,624 | ---- | C] () -- C:\Users\User\Desktop\Documents\essay 347.wps
[2011/11/07 20:18:40 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011/11/06 18:55:43 | 000,016,665 | ---- | C] () -- C:\Users\User\Desktop\Documents\316823_2453226181065_1564366965_32448873_739236530_n.jpg
[2011/11/03 17:27:31 | 000,118,893 | ---- | C] () -- C:\Users\User\Desktop\Documents\slenderman.png
[2011/11/03 17:18:34 | 000,016,433 | ---- | C] () -- C:\Users\User\Desktop\Documents\2mwrok.jpg
[2011/11/03 17:16:25 | 000,021,181 | ---- | C] () -- C:\Users\User\Desktop\Documents\o6Ycq.jpg
[2011/11/01 18:32:26 | 000,057,684 | ---- | C] () -- C:\Users\User\Desktop\Documents\46646533165365e5.jpg
[2011/11/01 18:29:21 | 000,115,379 | ---- | C] () -- C:\Users\User\Desktop\Documents\heQqu.jpg
[2011/11/01 17:16:18 | 000,000,731 | ---- | C] () -- C:\Users\Public\Desktop\Pokemon Online.lnk
[2011/10/24 16:19:11 | 000,030,208 | ---- | C] () -- C:\Users\User\Desktop\Documents\Women and words Les femme et les motes conference mapping.wps
[2011/10/07 09:37:23 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011/10/07 09:37:23 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/03/07 21:19:19 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/02/04 21:28:21 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/01/28 12:18:07 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2010/10/27 16:08:01 | 000,001,940 | ---- | C] () -- C:\Users\User\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/04/06 18:36:36 | 000,000,043 | ---- | C] () -- C:\Users\User\AppData\Roaming\AVSMediaPlayer.m3u
[2010/01/07 18:40:31 | 000,023,111 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/12/08 16:01:08 | 000,000,072 | ---- | C] () -- C:\Users\User\AppData\Local\rx_image.Cache
[2009/12/08 16:01:07 | 000,002,108 | ---- | C] () -- C:\Users\User\AppData\Local\rx_audio.Cache
[2009/12/03 22:06:33 | 000,077,350 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/11/11 23:04:59 | 000,000,552 | ---- | C] () -- C:\Users\User\AppData\Local\d3d8caps.dat
[2009/10/30 07:23:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/30 07:22:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/26 18:33:30 | 000,116,839 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/07/05 15:02:03 | 000,157,514 | ---- | C] () -- C:\Windows\hpoins28.dat.temp
[2009/07/05 15:02:03 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp
[2009/06/24 09:26:37 | 000,000,029 | ---- | C] () -- C:\Windows\Index.ini
[2009/06/16 16:23:40 | 000,026,624 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/12 08:37:44 | 000,009,158 | ---- | C] () -- C:\Users\User\AppData\Roaming\wklnhst.dat
[2009/06/09 16:01:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/06/09 15:29:21 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/07 08:46:48 | 000,157,373 | ---- | C] () -- C:\Windows\hpoins28.dat
[2009/06/07 07:44:01 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/06/07 02:00:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/06 17:42:14 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/06/06 17:42:14 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/06/06 17:42:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/06/06 17:42:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/06/06 17:42:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/06/06 17:42:14 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/06/06 17:39:24 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/06/06 17:39:24 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/06/06 17:39:24 | 000,009,484 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/06/06 17:39:24 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/06/25 21:44:06 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/06/25 21:44:05 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/06/25 21:44:05 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/25 21:44:04 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/06/25 21:44:03 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/04/30 18:47:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/04/30 12:36:47 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/24 17:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 17:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 17:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 17:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 17:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 17:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/12/12 16:01:47 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,384,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,609,640 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,108,858 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ========== [2011/05/24 15:57:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
[2011/10/28 20:28:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Azureus
[2010/06/11 12:35:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Facebook
[2009/09/27 17:50:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FOG Downloader
[2011/09/19 08:57:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FrostWire
[2010/01/01 12:00:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FUJIFILM
[2009/10/04 06:59:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GetRightToGo
[2010/10/29 14:04:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenCandy
[2010/09/19 18:05:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2011/11/01 17:46:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Pokemon Online
[2011/11/17 17:31:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Raptr
[2009/11/21 13:04:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Research In Motion
[2011/11/14 09:50:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client
[2011/11/16 18:24:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer
[2009/06/12 08:37:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Template
[2009/06/08 14:58:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Toshiba
[2010/10/10 09:59:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP
[2011/04/22 12:46:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Unity
[2011/02/13 08:09:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2010/10/10 10:00:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
[2011/11/18 08:48:58 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\Registry Reviver-User-Startup.job
[2011/11/18 08:50:01 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\RegistryReviver-User-Startup.job
[2011/11/18 07:25:17 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE >[2008/10/28 22:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 19:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 18:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 18:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: SVCHOST.EXE >[2008/01/20 18:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 18:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
< MD5 for: USERINIT.EXE >[2008/01/20 18:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 18:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >[2009/04/10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 18:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< C:\Windows\assembly\tmp\U\*.* /s > ========== Alternate Data Streams ========== @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D287FACF
< End of report >
And the Extras Log:OTL Extras logfile created on: 18/11/2011 1:14:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\User\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
1.87 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 45.38% Memory free
3.97 Gb Paging File | 2.43 Gb Available in Paging File | 61.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 133.60 Gb Total Space | 38.17 Gb Free Space | 28.57% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2885195011-3334626357-3620496344-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0966BCF4-8DA5-4516-8DBC-8C4B42B8E234}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2AFF8EBB-343D-478C-9197-C6A626236116}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3E517785-DDC9-4286-971B-AF0C79F2E0D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7BE9B5E3-5E66-4CCD-B152-9B9B6E5EFB02}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B64CBA10-1198-49D1-B086-83DAD51D6BF5}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |
"{B985B210-EE68-4A14-9551-34E2864259B8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D22BE372-703C-4133-A4FC-F7E3695DAAC5}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0472FC46-C5AA-47DE-800E-53D7819F4C77}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{0812920D-D02B-4FBA-9968-FD1E07B4ED5A}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{0A544FC0-C36D-4BC7-97C6-AF5A76742D39}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{0D36ECF6-6D30-43FC-AA62-95CC24D65D7E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0F97C849-DA0F-444D-9670-8A6F264E7235}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{264C7DDC-92F9-432A-A4A6-09AA7E1338B4}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2FD171EC-FAFB-45A9-85C8-5B536C547D86}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{310E0EA4-B9A1-4985-BDD3-E293303FDCF0}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{34E4613A-3AB7-4314-8508-DF60C23C81D8}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{3F9B6328-8608-4F92-A68C-C24A330C87B6}" = dir=in | app=c:program filespando networksmedia boosterpmb.exe |
"{448A716B-2C82-4950-8A6E-61BB50E5D8E2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{4FD5DB4A-BE2F-4923-8785-D1DE39BA8EF3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{525080B1-7FAF-41D3-ABC3-69BC4C72FD4C}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{5FE0E503-6BEC-4980-982D-370A633D5E62}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{62985B72-798A-4B7B-97B2-752BBB6633A2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{62A7F92D-5EB5-4AFE-AAD9-94BD5E131FFE}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{63037855-B3D1-4DAF-BEAA-176A72E88FC2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{639544D7-9A49-41D5-B89E-A69A0AA94830}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{63C85639-6301-4F32-8DC5-F8D191B67F0C}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{69847134-A21D-4C82-BE14-A4D0AFF469B4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{70E7CD20-B4E9-4EA8-BA0A-F1DF5497F3A8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{782878DC-44C3-4A35-88D5-5C8A20EF2F9C}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{7E1C2DC7-BAF6-428B-9175-EBE190BBC091}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{ABAFD25E-C73C-49DA-AB49-123094DCD3E5}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B8762FCF-472B-4D21-ADD4-EE2398CCFE18}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{BBC2165C-23F8-49C2-BF2C-B19F4E078EF6}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{BEF4E954-5A04-43D9-A07D-2E500CF0992E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{C44B5A09-8781-4216-B36C-6F3B03D04DDF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{CCC83F10-3667-42C9-9FF8-8AB779E4322E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CE555720-4121-4C56-9B79-26CFD1A508C2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D1F3C3A7-8304-41AD-A561-E8F5C152AA88}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{D2FBDCA3-30CF-4C17-AC83-59C390992316}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{E27A881A-D88E-434D-861D-25E2BE3C7387}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{EEA1B319-8A6E-4156-82F2-0FA7EBF452E1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{F21A4869-7B28-4A01-B99D-4EAF1F8A2449}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F926D349-DC95-4DCF-8B0A-43E75EA27ED3}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{0B82AE01-DD95-4DEB-82DB-EE8FB0441E8E}C:\users\user\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\user\program files\dna\btdna.exe |
"TCP Query User{38E16134-18FA-443F-8D8F-DB5378A6AC1E}C:\users\user\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\user\program files\dna\btdna.exe |
"UDP Query User{BBED1C8E-B08C-4083-865E-36EF6E139177}C:\users\user\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\user\program files\dna\btdna.exe |
"UDP Query User{DDFED34B-66CC-468B-9DC3-4544D556FD48}C:\users\user\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\user\program files\dna\btdna.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{156E98D0-1AEC-4013-A41A-94A1A01BFD68}" = O2Micro Flash Memory Card Reader Driver (x86)
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java 6 Update 20
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 1.0.30 Patch 1
"{332DB63A-14F2-465D-9C7E-B0D04353323F}" = RegistryReviver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3839C2FF-2CD0-4601-91A8-B1E40A9BE8A8}" = Driver Detective
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface Service
"Ask Toolbar_is1" = Ask Toolbar
"avast" = avast! Free Antivirus
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"Dream Of Mirror Online" = Dream Of Mirror Online
"Gadwin PrintScreen" = Gadwin PrintScreen
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NIS" = Norton Internet Security
"Norton Utilities_is1" = Norton Utilities
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OnlinePlay" = OnlinePlay 1.0
"Picasa2" = Picasa 2
"RegistryReviver" = RegistryReviver
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 beta 6 (32-bit)
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2885195011-3334626357-3620496344-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 24/01/2011 12:25:00 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =
Error - 24/01/2011 12:27:50 PM | Computer Name = User-PC | Source = Desktop | ID = 268379920
Description =
Error - 24/01/2011 12:28:11 PM | Computer Name = User-PC | Source = Desktop | ID = 268379920
Description =
Error - 24/01/2011 12:32:51 PM | Computer Name = User-PC | Source = Desktop | ID = 268379920
Description =
Error - 24/01/2011 12:32:57 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application BbDevMgr.exe, version 4.0.1.3, time stamp 0x476be204,
faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception
code 0xc0000005, fault offset 0x00041bb8, process id 0x14d4, application start time
0x01cbbbe392d4e674.
Error - 24/01/2011 4:59:20 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application wkswp.exe, version 9.7.613.0, time stamp 0x466fad27,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000000, process id 0x440, application start time 0x01cbbbe756b9acd4.
Error - 24/01/2011 6:58:05 PM | Computer Name = User-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 25/01/2011 1:51:18 AM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application WksWP.exe, version 9.7.613.0, time stamp 0x466fad27,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000000, process id 0x2874, application start time 0x01cbbc53d33c6850.
Error - 25/01/2011 2:55:40 AM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3989, time
stamp 0x4cf928fc, faulting module ntdll.dll, version 6.0.6002.18005, time stamp
0x49e03821, exception code 0xc0000005, fault offset 0x00048b02, process id 0x29a8,
application start time 0x01cbbc457a41a980.
Error - 25/01/2011 12:15:07 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 18/11/2011 11:27:08 AM | Computer Name = User-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
Error - 18/11/2011 11:27:16 AM | Computer Name = User-PC | Source = DCOM | ID = 10005
Description =
Error - 18/11/2011 11:27:28 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 18/11/2011 11:27:28 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 18/11/2011 11:27:28 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 18/11/2011 12:46:31 PM | Computer Name = User-PC | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.
Error - 18/11/2011 12:46:31 PM | Computer Name = User-PC | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.
Error - 18/11/2011 12:47:27 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 18/11/2011 12:48:53 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 18/11/2011 12:48:54 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
Edited by MissSashy, 18 November 2011 - 03:59 PM.