Jump to content

Words underlined and linking to other sites


JPT

Recommended Posts

I think I have some sort of annoying malware that effects my brower (fire fox), whichever webpages I look on certain words are being underlined like a hyperlink and when i run my mouse over them a small window flashes up to diffent gambling or dating site. Words like "Won" (from e-bay) are bring up a pop up link to prizegiveaway.com and words like "gamble" (message in a chess game) to sizzlinghot.ch. I've run all three possible scans on the malwarebtyes pro version plus a full scan on microsoft essential security but nothing was picked up. Any advice ?

Attach.txt

DDS.txt

Link to post
Share on other sites

Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them

with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

---------

Link to post
Share on other sites

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.

aswmbrscan.jpg

Click the image to enlarge it

----------

Link to post
Share on other sites

Hi,

Try to run aswMBR from Safe Mode with Networking....if it won't run, do the following:

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Do Not Attempt To Fix Anything Now. We just need to look over the report and be sure we are removing the correct
    items.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------

Link to post
Share on other sites

Hi,

Download Combofix from either of the links below, and save it to your desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your desktop**

If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.


  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Link to post
Share on other sites

Hi Jeff

Ran the Combofix program see results attached, i noticed that it deleted a program called lightshot, interesting enough the third time i ran the aswMBR program i used my camera to record the point it crashed (see picture) and it was when it was scanning the set-up files of the same program, these files are still in my downloads folder should i deleted them ?

cheers

JPT

ComboFix.txt

post-121853-0-63930200-1355220467.jpg

Link to post
Share on other sites

Is there a reason you know of that your system is set to connect to Saudi Arabia and Switzerland? It's not a problem if you do, but I just need to know so that I don't accidentally remove it. :)

Link to post
Share on other sites

Ok thanks for letting me know....

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:

    ClearJavaCache::
    DDS::
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
    uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    uURLSearchHooks: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - <orphaned>
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    TCP: Interfaces\{F441077D-354B-4735-8492-8DB5F2D04732} : NameServer = 86.51.35.24 86.51.34.24
    Firefox::
    FF - ProfilePath - C:\Users\JPT\AppData\Roaming\Mozilla\Firefox\Profiles\ezc5jf8s.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - ExtSQL: 2012-10-19 21:32; toolbar@ask.com; C:\Users\JPT\AppData\Roaming\Mozilla\Firefox\Profiles\ezc5jf8s.default\extensions\toolbar@ask.com
    FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
    File::
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Post the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

Post the new ComboFix log and let me know how your system is running now. :)

Link to post
Share on other sites

AdwCleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------

Link to post
Share on other sites

AdwCleaner

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Link to post
Share on other sites

Hi Jeff

New adwcleaner file attached, sorry to report that it is still happening, but on the positive side you did get rid of that annoying ask.com toolbar so thanks for that.

Note I cleaned out my cookies earlier and went to one of the pages where i knew there would be a word which was effected and then checked my cookies again and it looks like it has something to do with d.textsrv.com & I.trkjump.com hope this helps.

Cheers

J

Link to post
Share on other sites

Oooops....didn't get the report. Please post that. :)

Let's use a different tool to take a look.

OTL

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

----------

Link to post
Share on other sites

Opps sorry about that file attached now.

OTL report

OTL logfile created on: 12/17/2012 10:27:32 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JPT\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 64.74% Memory free

7.49 Gb Paging File | 5.92 Gb Available in Paging File | 79.06% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 298.09 Gb Total Space | 204.66 Gb Free Space | 68.66% Space Free | Partition Type: NTFS

Drive D: | 297.69 Gb Total Space | 290.06 Gb Free Space | 97.44% Space Free | Partition Type: NTFS

Computer Name: DADS-PAD | User Name: JPT | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\JPT\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\JPT\AppData\Local\Skillbrains\lightshot\3.2.0.0\Lightshot.exe (Skillbrains)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)

PRC - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)

PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)

PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

PRC - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)

PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)

PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

PRC - C:\Program Files (x86)\Zain Broadband\AutoDect.exe ()

PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Zain Broadband\AutoDect.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found

SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found

SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McSvHost.exe /McCoreSvc File not found

SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()

SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()

SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)

SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)

SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)

SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)

SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)

SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)

SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)

SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)

SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (CeKbFilter) -- C:\Windows\SysNative\drivers\CeKbFilter.sys (Compal Electronics, INC.)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (gttap1) -- C:\Windows\SysNative\drivers\gttap1.sys (The OpenVPN Project)

DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)

DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)

DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)

DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)

DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)

DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)

DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)

DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )

DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)

DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)

DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)

DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)

DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)

DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{65FDE9BA-1A5B-48C6-A9C2-EF5E63C842D7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{1240B772-591B-4E3E-81F8-C2861EA314A1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

IE - HKCU\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes\{27AB123D-1580-4393-8AD5-4E439912AF2D}: "URL" = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2

IE - HKCU\..\SearchScopes\{927683A6-9041-45F5-BC6D-83888369D9FD}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCH&apn_uid=19C2CC07-4EFD-4179-AF1C-3C0B192C034C&apn_sauid=E0F27672-5FD5-408A-A1D0-36FCCB55AE2C

IE - HKCU\..\SearchScopes\{FF75543E-CE38-433A-82B5-DAA842F4492E}: "URL" = http://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.2: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledAddons: imagedownload%40Merci.chao:6.0.3

FF - prefs.js..extensions.enabledAddons: matus.uhliar%40gmail.com:1.0.4

FF - prefs.js..extensions.enabledAddons: updater%40foxstart.com:2.1

FF - prefs.js..extensions.enabledAddons: %7B394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B%7D:3.0.0

FF - prefs.js..extensions.enabledAddons: %7BA4732521-77D9-447E-A557-B279AC923F06%7D:0.6.9

FF - prefs.js..extensions.enabledAddons: %7BB3834E60-12A8-11E0-A289-939FDFD72085%7D:2.0.1

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/09 11:42:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/14 12:16:26 | 000,000,000 | ---D | M]

[2011/04/30 12:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JPT\AppData\Roaming\Mozilla\Extensions

[2012/12/14 16:42:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JPT\AppData\Roaming\Mozilla\Firefox\Profiles\ezc5jf8s.default\extensions

[2012/09/19 15:08:07 | 000,000,000 | ---D | M] (Lightshot (screenshot tool)) -- C:\Users\JPT\AppData\Roaming\Mozilla\Firefox\Profiles\ezc5jf8s.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}

[2012/09/18 17:27:08 | 000,000,000 | ---D | M] (Search Assistant) -- C:\Users\JPT\AppData\Roaming\Mozilla\Firefox\Profiles\ezc5jf8s.default\extensions\{B3834E60-12A8-11E0-A289-939FDFD72085}

[2012/05/17 17:01:19 | 000,000,000 | ---D | M] (ImageTools) -- C:\Users\JPT\AppData\Roaming\Mozilla\Firefox\Profiles\ezc5jf8s.default\extensions\matus.uhliar@gmail.com

[2012/02/02 09:00:14 | 000,000,000 | ---D | M] ("Update Service") -- C:\Users\JPT\AppData\Roaming\Mozilla\Firefox\Profiles\ezc5jf8s.default\extensions\updater@foxstart.com

[2012/05/17 17:01:18 | 000,052,126 | ---- | M] () (No name found) -- C:\Users\JPT\AppData\Roaming\Mozilla\Firefox\Profiles\ezc5jf8s.default\extensions\imagedownload@Merci.chao.xpi

[2012/11/25 11:54:29 | 000,213,316 | ---- | M] () (No name found) -- C:\Users\JPT\AppData\Roaming\Mozilla\Firefox\Profiles\ezc5jf8s.default\extensions\torntv@torntv.com.xpi

[2012/05/17 17:01:19 | 000,089,724 | ---- | M] () (No name found) -- C:\Users\JPT\AppData\Roaming\Mozilla\Firefox\Profiles\ezc5jf8s.default\extensions\{A4732521-77D9-447E-A557-B279AC923F06}.xpi

[2012/12/09 11:42:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/11/10 13:21:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/11/10 13:21:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2012/11/10 13:21:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2012/11/29 08:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010/10/13 21:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll

[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll

[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll

[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll

[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll

[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll

[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll

[2012/11/29 08:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/11/29 08:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/12/14 11:37:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20110430191157.dll (McAfee, Inc.)

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20110430191157.dll (McAfee, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)

O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [autodetect] C:\Program Files (x86)\Zain Broadband\AutoDect.exe ()

O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found

O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)

O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)

O4 - HKCU..\Run: [LightShot] C:\Users\JPT\AppData\Local\Skillbrains\lightshot\LightShot.exe ()

O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C3CBF9B-3EBF-4825-BD49-50682132BF34}: DhcpNameServer = 10.197.100.1 10.197.100.2 10.197.100.3

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B9EE32F-73B7-4AA6-83BE-243642F6FFC1}: NameServer = 192.168.0.1,192.168.1.0

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F441077D-354B-4735-8492-8DB5F2D04732}: NameServer = 86.51.35.24 86.51.34.24

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found

O18:64bit: - Protocol\Filter\ica - No CLSID value found

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/17 10:26:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JPT\Desktop\OTL.exe

[2012/12/14 12:16:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2012/12/14 12:15:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/12/14 11:57:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/12/14 11:41:43 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/12/11 09:38:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/12/11 09:38:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/12/11 09:38:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/12/11 09:38:11 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/12/11 09:37:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/12/11 09:07:03 | 005,011,065 | R--- | C] (Swearware) -- C:\Users\JPT\Desktop\ComboFix.exe

[2012/12/10 13:26:44 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\JPT\Desktop\tdsskiller.exe

[2012/12/09 19:41:00 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\JPT\Desktop\aswMBR.exe

[2012/12/09 19:35:12 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2012/12/09 17:45:36 | 000,000,000 | ---D | C] -- C:\Users\JPT\Documents\malwarebtyes files

[2012/12/09 11:42:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/12/01 16:49:10 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012/11/25 11:54:27 | 000,000,000 | ---D | C] -- C:\Users\JPT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com

[2012/11/25 10:00:12 | 000,000,000 | ---D | C] -- C:\Users\JPT\AppData\Local\MPlayer

[2012/11/25 09:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM Links

[2012/11/25 09:57:30 | 000,000,000 | ---D | C] -- C:\MININT

[2012/11/25 09:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UMPlayer

[2012/11/25 09:57:26 | 000,000,000 | ---D | C] -- C:\Users\JPT\.umplayer

[2012/11/25 09:57:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UMPlayer

[2012/11/23 21:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012/11/23 21:00:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/17 10:27:04 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/12/17 10:27:04 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/12/17 10:26:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JPT\Desktop\OTL.exe

[2012/12/17 10:23:01 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\update-sys.job

[2012/12/17 10:17:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/12/17 10:17:14 | 3016,507,392 | -HS- | M] () -- C:\hiberfil.sys

[2012/12/16 18:52:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-3661376006-3203812890-1187670099-1000.job

[2012/12/14 15:40:03 | 000,545,819 | ---- | M] () -- C:\Users\JPT\Desktop\AdwCleaner.exe

[2012/12/14 12:16:26 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[2012/12/14 11:37:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/12/12 20:18:23 | 000,459,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/12/11 14:55:49 | 000,039,424 | ---- | M] () -- C:\Users\JPT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/12/11 09:07:33 | 005,011,065 | R--- | M] (Swearware) -- C:\Users\JPT\Desktop\ComboFix.exe

[2012/12/10 13:26:57 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\JPT\Desktop\tdsskiller.exe

[2012/12/10 13:20:35 | 351,269,089 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/12/09 19:41:28 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\JPT\Desktop\aswMBR.exe

[2012/12/09 11:42:51 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/11/25 09:57:28 | 000,000,978 | ---- | M] () -- C:\Users\Public\Desktop\UMPlayer.lnk

[2012/11/23 21:00:32 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/14 15:39:41 | 000,545,819 | ---- | C] () -- C:\Users\JPT\Desktop\AdwCleaner.exe

[2012/12/14 12:16:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

[2012/12/14 12:16:26 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[2012/12/11 09:38:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/12/11 09:38:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/12/11 09:38:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/12/11 09:38:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/12/11 09:38:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/12/09 19:35:08 | 351,269,089 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/12/09 11:42:51 | 000,001,130 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012/12/09 11:42:51 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/11/25 09:57:28 | 000,000,978 | ---- | C] () -- C:\Users\Public\Desktop\UMPlayer.lnk

[2012/11/23 21:00:32 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/10/20 19:52:45 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2012/05/17 17:03:22 | 000,000,771 | ---- | C] () -- C:\Users\JPT\AppData\Local\UserProducts.xml

[2011/10/27 22:00:07 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI

[2011/07/13 23:58:47 | 000,039,424 | ---- | C] () -- C:\Users\JPT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/05/08 18:48:28 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll

[2011/05/08 18:48:28 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll

[2011/05/01 18:00:36 | 000,735,726 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/04/30 21:49:38 | 000,049,531 | ---- | C] () -- C:\Users\JPT\betting score rev 2.ods

[2011/04/30 14:42:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011/04/30 12:58:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011/01/17 22:14:46 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2011/01/17 22:06:30 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

[2011/01/17 21:54:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/01/17 21:51:31 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/08/05 12:10:44 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\ACD Systems

[2011/10/12 17:01:01 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\Ashampoo

[2011/04/30 17:58:13 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2012/10/28 20:41:54 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\Canon

[2011/04/30 20:38:59 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\ChessBase

[2011/09/17 19:32:29 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\ChessCubeVideoViewer.22A6FA2509F415BF040C756B4D9CC577BC15C17E.1

[2011/05/04 21:59:47 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\Dev-Cpp

[2011/08/18 10:52:22 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\Downloaded Installations

[2011/04/30 19:38:06 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1

[2011/05/11 15:45:10 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\GameMaker

[2011/07/11 15:04:27 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\go

[2011/05/04 20:36:53 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\HomerChess

[2011/08/26 09:42:11 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\ICAClient

[2011/08/18 10:57:52 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\Nitro PDF

[2011/04/30 21:27:26 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\OpenOffice.org

[2011/05/20 17:26:35 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\Softland

[2011/08/18 09:39:45 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\Temp

[2012/06/29 08:08:34 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\TopupSoftware

[2011/04/30 12:49:28 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\Toshiba

[2011/04/30 22:26:11 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\TP

[2011/09/19 19:51:50 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\WinBatch

========== Purity Check ==========

< End of report >

AdwCleanerS1.txt

Link to post
Share on other sites

Extra report

OTL Extras logfile created on: 12/17/2012 10:27:58 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JPT\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 64.74% Memory free

7.49 Gb Paging File | 5.92 Gb Available in Paging File | 79.06% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 298.09 Gb Total Space | 204.66 Gb Free Space | 68.66% Space Free | Partition Type: NTFS

Drive D: | 297.69 Gb Total Space | 290.06 Gb Free Space | 97.44% Space Free | Partition Type: NTFS

Computer Name: DADS-PAD | User Name: JPT | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDSee 9.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)

Directory [AddToPlaylistUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -add-to-playlist "%1" ()

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -play-dir "%1" ()

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDSee 9.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)

Directory [AddToPlaylistUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -add-to-playlist "%1" ()

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -play-dir "%1" ()

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00FA0251-4F48-4672-8FB0-F2A0E2F3C617}" = lport=139 | protocol=6 | dir=in | app=system |

"{0C3E1991-58D3-4000-8266-44E0B9264462}" = rport=10243 | protocol=6 | dir=out | app=system |

"{156563C7-6320-4625-AA8C-199B7979EB80}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1B6CCFD7-0D1B-4737-A502-B9AB520D7992}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1ED0BED9-0830-4E13-8498-86F4F204B8C8}" = rport=138 | protocol=17 | dir=out | app=system |

"{219B4CAE-DEB1-4D59-8D51-B80A8ADD332F}" = lport=445 | protocol=6 | dir=in | app=system |

"{27CD8003-25F9-43E1-8049-129B0FBB963C}" = rport=445 | protocol=6 | dir=out | app=system |

"{2B01FA12-4042-48C2-A50E-6F0836267E81}" = lport=10243 | protocol=6 | dir=in | app=system |

"{335754E5-66A5-418B-BDC1-6917B5B1DEBC}" = lport=2869 | protocol=6 | dir=in | app=system |

"{349129CB-625F-4E67-8067-FD7EBC74CC6F}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |

"{49FC3A15-BB3B-4EA3-BE1A-CA774D70C11D}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |

"{4CEDA21C-04D9-4FD0-A39F-A749CC6A9035}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{5C2B9DDC-EC91-4357-AA11-A18FCEFB1380}" = rport=137 | protocol=17 | dir=out | app=system |

"{68352FA5-29DC-449C-8727-8BF315FA5B95}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |

"{7E26AE88-6CB2-4F60-8EDF-E2AF927A0487}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{93BD6E1E-3620-45A7-AD10-C21DE6D8D31B}" = lport=138 | protocol=17 | dir=in | app=system |

"{A24532AD-44A0-428E-B0FA-08F489E8050B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{AC1155C3-F1D0-41AD-A2AC-2FF28CF262FD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{B311968D-0609-4C10-B5CC-E7501E263C35}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |

"{B8488402-B9D7-451F-900A-E839BD75A181}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{BA8BE0E4-09BE-4274-982B-F4D71784004A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C83B1435-0C52-48F6-ACF0-C05D8D3D6967}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{D03596D9-35DF-4F8D-9F78-2E276B260EA8}" = lport=137 | protocol=17 | dir=in | app=system |

"{D277D6E7-0241-45D8-8582-31325F84C956}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{DD4C2E2F-D9E0-4FDE-8AFE-9B49874AFAF8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{DF77B36E-9837-4C7C-977D-8CDC67908F69}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{F4F077FD-0EE2-453F-8CDE-0F67845EAFDC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F59EB5B7-C9FF-40FB-B476-EC709CF10C06}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{087590E0-CAB3-4454-B055-0C1E9C6B6BBB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{0B15D951-D898-49FE-BF04-6300CF6BD8C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{19A0DFCE-0097-4D23-ADB1-AB21767E2873}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{2824C10F-B9C9-4A81-BF44-C7D187C62CD2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{29EF7A7D-3293-48FC-BD1D-D68F91565F44}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{33C84E92-1641-4CFF-9FD5-00B2785FAC90}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |

"{34CEBD8B-A114-4555-AD1C-0D96BBED7297}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |

"{366D243F-86A8-4CC1-87E7-6FF98448CC0F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{39EE37B1-5978-46E3-9229-89B41E3DC071}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{3CBA6695-403B-4D53-80D1-CD5F73423F9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{3F2277DC-C586-4D68-BAB3-E642048C7AEF}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{46386311-3B89-462C-8ED3-6C9793DB84E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{4863F8AB-B3BA-4B47-B6E8-5F38E91B33CB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{4E1A98D9-F215-4FC9-806D-9EE4219F2BC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cltcjt2\condition zero\hl.exe |

"{50BE81A8-F61D-49CD-AD20-CC68B9BEFD33}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{57827048-1E3A-4A7E-BAEC-E3706558E3C9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{5B0821CB-25D4-423D-9B4B-E14579281859}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6AD05B06-BF94-4175-9D8C-EBBD23D2B618}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{709E33C3-5A00-49AE-BBC4-2F6C58083352}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{71F1216F-8136-4B2A-9770-8C1CD5EB4F76}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{73CD8239-2632-4582-9EEF-EF80E4BB1BCA}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |

"{7D36314C-AFAD-4FF8-AE22-BF0BF997F83E}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |

"{7D3C4339-02DF-4E08-B59F-B60E91CCCD18}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{7FDFF307-B09D-4F0C-B197-39949D8A8907}" = protocol=17 | dir=in | app=c:\program files (x86)\midway games\rise and fall\riseandfall.exe |

"{80248C3F-AD6D-4092-A0CC-84CD54F1C2F8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{814427DF-F727-4754-9D4B-89014DECB5D3}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |

"{925B1AFD-F3F4-49E8-B61C-34F591E40BAD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cltcjt2\condition zero\hl.exe |

"{962DB159-6AF8-48AD-9F3D-8A8A3EF9B8CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9F33C619-51B1-4DE6-946C-58F46E3ED4F9}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |

"{B8A168E1-D0F8-48E2-8690-A98F4A56C96B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{BCFE855C-B5BA-4BBD-93EC-7E2B8F8E3D54}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |

"{C210D499-1DB9-4876-A55F-0DF283D8E257}" = protocol=6 | dir=out | app=system |

"{C772C4BD-AC88-4918-861B-DDA06ED4C0E1}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |

"{CE10AC11-4481-4ED0-998B-8BDE20F37948}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{D39C01FA-DACD-4B0C-9897-88367E5D0F05}" = protocol=6 | dir=in | app=c:\program files (x86)\midway games\rise and fall\riseandfall.exe |

"{D76E3315-A41A-4E3E-9FCA-69E1F0C0015F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{E123EC16-FA0E-4054-A19C-0296B41E7B77}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{E69FC39F-4F98-4EB8-9CCF-1C4ADDA5B36F}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |

"{EA26F6AA-DB03-4A56-BF01-59364B7F34C4}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |

"{EF9E070B-1823-43D5-9D0A-B3DA08820A43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{F023A7CF-8C64-4421-A114-075084212ECE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer

"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

"{B6DB58D2-E7E8-5B0F-65F8-B76713C0AF75}" = ATI Catalyst Install Manager

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board

"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client

"{CC3F8680-2A8A-95B1-584E-EA4BDE0DF783}" = ccc-utility64

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"doPDF 7 printer_is1" = doPDF 7.2 printer

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1

"Microsoft Security Client" = Microsoft Security Essentials

"R for Windows 2.13.0_is1" = R for Windows 2.13.0

"Recuva" = Recuva

"Speccy" = Speccy

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0CB6FBBE-71FC-7AE1-0506-AF2DFAAB5F99}" = CCC Help Finnish

"{0DCDE91E-ACD7-A105-A713-CF3C22BC1EF7}" = CCC Help Portuguese

"{0E4D665E-0441-D356-1B61-4FDCE2122F54}" = CCC Help Danish

"{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}" = Nero Multimedia Suite 10 Essentials

"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR

"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java 6 Update 37

"{286033D3-C1C2-458A-B42B-0AC9C4E62B90}" = Scid

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2EE25541-2D81-4FE7-9887-87997B6DA362}" = GoTrusted Secure Tunnel v2.3.3.1

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = lightshot-3.2.0.0

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr

"{3AB215C2-0BE4-EC89-A90A-FA54B7C03E0A}" = CCC Help Chinese Traditional

"{3B2AFF45-1C2E-E544-A480-A9CA43FC8977}" = Catalyst Control Center Localization All

"{3D047C6C-19EE-46E3-C14B-9FA84260DF9B}" = Photo Service - powered by myphotobook

"{3E70F662-B29D-FE4E-D31D-0D088AB3C42E}" = CCC Help German

"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)

"{40C17193-BC19-CB9F-35DA-A44F9B6A520F}" = Catalyst Control Center Graphics Previews Common

"{418E42D7-E8D0-1953-B7ED-9D75149D64D5}" = CCC Help Turkish

"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4F8EBB31-EB6A-7C7A-40ED-57F2841998EB}" = CCC Help Czech

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)

"{56BA241F-580C-43D2-8403-947241AAE633}" = center

"{5712BCFD-311A-42E4-A720-A4D2664EA21E}" = TopupTax

"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application

"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"{64E65803-D18A-D799-01A9-69ACB8B49B5E}" = CCC Help Italian

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)

"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)

"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.2

"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3

"{85A87BCB-C8A1-179D-231D-D77C2462394F}" = CCC Help Norwegian

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals

"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007

"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92022F8E-2E55-4A16-88EB-B4778B35E942}" = ACDSee for PENTAX 3.0

"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Zain Broadband

"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{95CFDCE3-0AE1-01F5-D9C8-D5016C49D2D9}" = CCC Help Hungarian

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9CC701E9-79FB-19EB-907C-33730D6D9450}" = Catalyst Control Center Graphics Previews Vista

"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.co.uk

"{A920CC75-A1F8-4275-6CBF-0B7817AF364E}" = CCC Help Dutch

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI

"{B10364A6-B6BD-9F06-BF50-A779FBE803F4}" = CCC Help Polish

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials

"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr

"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}" = Rise and Fall

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D136FCBA-7D93-DA4E-ED4D-024ACA891E70}" = CCC Help Japanese

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D5F7D473-4819-D77B-E5A8-4B1569C47A2D}" = CCC Help Korean

"{D6A0DD73-6EF2-9A8D-6F60-4F338F922B37}" = BBC iPlayer Desktop

"{D7397487-E01A-6ACE-C24E-BB19469B9FDE}" = CCC Help Swedish

"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq

"{DB928E9C-4C6B-DDF4-0748-C4D542A75E95}" = CCC Help Chinese Standard

"{DBB7021A-3437-446F-ACE5-7261644A972C}" = Toshiba TEMPRO

"{DDC8362F-D041-6C5E-0221-E23CF71C73AE}" = CCC Help Spanish

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DDDD6410-C2B9-7BC7-3A93-0D155AE07E25}" = Catalyst Control Center InstallProxy

"{DEC74752-09D3-309D-72B6-40114F57B223}" = CCC Help Russian

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software

"{E0FAA369-B0E3-48B8-9447-4873103B0012}" = TOSHIBA ConfigFree

"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10

"{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition

"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EC8D0634-4567-DBD4-97B2-F8C879F7DBF8}" = CCC Help English

"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr

"{F0483BEB-E626-E306-DFBD-D3A1E582BF43}" = CCC Help French

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2431B40-5D69-BBB8-F20B-4F28D8ED563E}" = CCC Help Thai

"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in

"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10

"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)

"{F4AECBDF-6985-E352-7392-152A0570573E}" = CCC Help Greek

"{F5A6CC63-2BED-914D-04E5-1702471E675D}" = ccc-core-static

"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic

"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)

"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10

"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)

"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki

"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"1ClickDownload" = TornTV

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80

"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop

"Byki Express" = Byki Express

"CameraWindowDC8" = Canon Utilities CameraWindow DC 8

"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher

"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX

"Canon MOV Decoder" = Canon MOV Decoder

"Canon MOV Encoder" = Canon MOV Encoder

"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web

"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)

"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook

"GameMaker81" = GameMaker 8.1

"Homer_is1" = Homer 2.01

"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder

"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board

"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher

"InstallShield_{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition

"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"KLiteCodecPack_is1" = K-Lite Codec Pack 9.3.0 (Full)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"Mobily Connect Card" = Mobily Connect Card

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube

"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MSC" = McAfee SecurityCenter

"MyCamera" = Canon Utilities MyCamera

"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin

"PhotoStitch" = Canon Utilities PhotoStitch

"PROR" = Microsoft Office Professional 2007

"Steam App 80" = Counter-Strike: Condition Zero

"UMPlayer" = UMPlayer 0.98 [Athlon]

"VLC media player" = VLC media player 1.1.11

"WildTangent toshiba Master Uninstall" = WildTangent Games

"WinLiveSuite" = Windows Live Essentials

"WT088682" = Bejeweled 2 Deluxe

"WT088696" = Chuzzle Deluxe

"WT088759" = Polar Bowler

"WT089367" = Farm Mania 2

"WT089378" = Jewel Quest II

"WT089380" = Penguins!

"WT089381" = Slingo Supreme

"WT089388" = Zuma Deluxe

"WT089395" = Plants vs. Zombies - Game of the Year

"WT089404" = Fishdom

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Game Organizer" = EasyBits GO

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 3/20/2012 12:37:24 PM | Computer Name = DADS-PAD | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\TOSHIBA\TOSHIBA

Web Camera Application\TWebCamera.exe". Dependent Assembly Microsoft.VC80.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/21/2012 11:38:49 AM | Computer Name = DADS-PAD | Source = McLogEvent | ID = 5022

Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 1

Error - 3/21/2012 11:49:00 AM | Computer Name = DADS-PAD | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero

10\Nero BackItUp\NBAgent.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/21/2012 11:49:02 AM | Computer Name = DADS-PAD | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\TOSHIBA\TOSHIBA

Web Camera Application\TWebCamera.exe". Dependent Assembly Microsoft.VC80.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/21/2012 12:27:51 PM | Computer Name = DADS-PAD | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero

10\Nero BackItUp\NBCore.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/21/2012 4:27:51 PM | Computer Name = DADS-PAD | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero

10\Nero BackItUp\NBCore.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/22/2012 3:14:42 AM | Computer Name = DADS-PAD | Source = McLogEvent | ID = 5022

Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 1

Error - 3/22/2012 3:15:46 AM | Computer Name = DADS-PAD | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero

10\Nero BackItUp\NBAgent.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/22/2012 3:15:56 AM | Computer Name = DADS-PAD | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\TOSHIBA\TOSHIBA

Web Camera Application\TWebCamera.exe". Dependent Assembly Microsoft.VC80.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/22/2012 6:27:51 AM | Computer Name = DADS-PAD | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero

10\Nero BackItUp\NBCore.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"

could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]

Error - 9/8/2011 2:38:26 PM | Computer Name = DADS-PAD | Source = MCUpdate | ID = 0

Description = 19:38:20 - Error connecting to the internet. 19:38:20 - Unable

to contact server..

Error - 9/27/2011 2:04:19 PM | Computer Name = DADS-PAD | Source = MCUpdate | ID = 0

Description = 19:04:18 - Error connecting to the internet. 19:04:19 - Unable

to contact server..

Error - 9/27/2011 2:04:50 PM | Computer Name = DADS-PAD | Source = MCUpdate | ID = 0

Description = 19:04:38 - Error connecting to the internet. 19:04:38 - Unable

to contact server..

Error - 9/30/2011 1:15:10 PM | Computer Name = DADS-PAD | Source = MCUpdate | ID = 0

Description = 18:15:10 - Error connecting to the internet. 18:15:10 - Unable

to contact server..

Error - 9/30/2011 1:15:50 PM | Computer Name = DADS-PAD | Source = MCUpdate | ID = 0

Description = 18:15:16 - Error connecting to the internet. 18:15:16 - Unable

to contact server..

Error - 10/1/2011 11:10:31 AM | Computer Name = DADS-PAD | Source = MCUpdate | ID = 0

Description = 16:10:31 - Error connecting to the internet. 16:10:31 - Unable

to contact server..

Error - 10/1/2011 11:10:47 AM | Computer Name = DADS-PAD | Source = MCUpdate | ID = 0

Description = 16:10:36 - Error connecting to the internet. 16:10:36 - Unable

to contact server..

Error - 10/3/2011 2:35:34 PM | Computer Name = DADS-PAD | Source = MCUpdate | ID = 0

Description = 19:35:33 - Error connecting to the internet. 19:35:34 - Unable

to contact server..

Error - 10/3/2011 2:35:47 PM | Computer Name = DADS-PAD | Source = MCUpdate | ID = 0

Description = 19:35:39 - Error connecting to the internet. 19:35:39 - Unable

to contact server..

Error - 10/5/2011 11:14:23 AM | Computer Name = DADS-PAD | Source = MCUpdate | ID = 0

Description = 16:14:14 - Error connecting to the internet. 16:14:14 - Unable

to contact server..

[ System Events ]

Error - 12/16/2012 4:45:09 AM | Computer Name = DADS-PAD | Source = amdsata | ID = 262155

Description = The driver detected a controller error on \Device\RaidPort0.

Error - 12/16/2012 6:01:19 AM | Computer Name = DADS-PAD | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the ShellHWDetection service.

Error - 12/16/2012 12:29:33 PM | Computer Name = DADS-PAD | Source = Service Control Manager | ID = 7000

Description = The McAfee Personal Firewall Service service failed to start due to

the following error: %%2

Error - 12/16/2012 12:32:06 PM | Computer Name = DADS-PAD | Source = Service Control Manager | ID = 7000

Description = The McAfee Services service failed to start due to the following error:

%%2

Error - 12/16/2012 12:32:06 PM | Computer Name = DADS-PAD | Source = Service Control Manager | ID = 7000

Description = The McAfee VirusScan Announcer service failed to start due to the

following error: %%2

Error - 12/16/2012 3:56:43 PM | Computer Name = DADS-PAD | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.141.1943.0 Update Source: %%859 Update Stage:

%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error

code: 0x8024001e Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

Error - 12/16/2012 3:56:43 PM | Computer Name = DADS-PAD | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.141.1943.0 Update Source: %%859 Update Stage:

%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error

code: 0x8024001e Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

Error - 12/17/2012 6:17:52 AM | Computer Name = DADS-PAD | Source = Service Control Manager | ID = 7000

Description = The McAfee Personal Firewall Service service failed to start due to

the following error: %%2

Error - 12/17/2012 6:20:31 AM | Computer Name = DADS-PAD | Source = Service Control Manager | ID = 7000

Description = The McAfee Services service failed to start due to the following error:

%%2

Error - 12/17/2012 6:20:31 AM | Computer Name = DADS-PAD | Source = Service Control Manager | ID = 7000

Description = The McAfee VirusScan Announcer service failed to start due to the

following error: %%2

< End of report >

Link to post
Share on other sites

Hi,

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services

    :OTL
    IE - HKCU\..\SearchScopes\{927683A6-9041-45F5-BC6D-83888369D9FD}: "URL" = http://websearch.ask...D0-36FCCB55AE2C
    [2012/09/18 17:27:08 | 000,000,000 | ---D | M] (Search Assistant) -- C:\Users\JPT\AppData\Roaming\Mozilla\Firefox\Profiles\ezc5jf8s.default\extensions\{B3834E60-12A8-11E0-A289-939FDFD72085}
    [2012/02/02 09:00:14 | 000,000,000 | ---D | M] ("Update Service") -- C:\Users\JPT\AppData\Roaming\Mozilla\Firefox\Profiles\ezc5jf8s.default\extensions\updater@foxstart.com
    [2012/05/17 17:01:19 | 000,089,724 | ---- | M] () (No name found) -- C:\Users\JPT\AppData\Roaming\Mozilla\Firefox\Profiles\ezc5jf8s.default\extensions\{A4732521-77D9-447E-A557-B279AC923F06}.xpi
    [2012/12/11 14:55:49 | 000,039,424 | ---- | M] () -- C:\Users\JPT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Post the new OTL log and let me know how your system is behaving. :)

Link to post
Share on other sites

Hi Jeff

I ran the fix yesterday but the problem still seems to be occuring :(, i ran another quick scan (the LOP check & purity boxes automatically checked) this is the result

cheers

J

OTL logfile created on: 12/18/2012 9:32:19 AM - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JPT\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 59.89% Memory free

7.49 Gb Paging File | 5.65 Gb Available in Paging File | 75.47% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 298.09 Gb Total Space | 205.16 Gb Free Space | 68.83% Space Free | Partition Type: NTFS

Drive D: | 297.69 Gb Total Space | 290.06 Gb Free Space | 97.44% Space Free | Partition Type: NTFS

Computer Name: DADS-PAD | User Name: JPT | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\JPT\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Users\JPT\AppData\Local\Skillbrains\lightshot\3.2.0.0\Lightshot.exe (Skillbrains)

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)

PRC - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)

PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)

PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

PRC - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)

PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)

PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

PRC - C:\Program Files (x86)\Zain Broadband\AutoDect.exe ()

PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

MOD - C:\Program Files (x86)\Zain Broadband\AutoDect.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found

SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found

SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McSvHost.exe /McCoreSvc File not found

SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()

SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()

SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)

SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)

SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)

SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)

SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)

SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)

SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)

SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)

SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (CeKbFilter) -- C:\Windows\SysNative\drivers\CeKbFilter.sys (Compal Electronics, INC.)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (gttap1) -- C:\Windows\SysNative\drivers\gttap1.sys (The OpenVPN Project)

DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)

DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)

DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)

DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)

DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)

DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)

DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)

DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )

DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)

DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)

DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)

DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)

DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)

DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{65FDE9BA-1A5B-48C6-A9C2-EF5E63C842D7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{1240B772-591B-4E3E-81F8-C2861EA314A1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

IE - HKCU\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes\{27AB123D-1580-4393-8AD5-4E439912AF2D}: "URL" = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2

IE - HKCU\..\SearchScopes\{FF75543E-CE38-433A-82B5-DAA842F4492E}: "URL" = http://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.2: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledAddons: imagedownload%40Merci.chao:6.0.3

FF - prefs.js..extensions.enabledAddons: matus.uhliar%40gmail.com:1.0.4

FF - prefs.js..extensions.enabledAddons: %7B394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B%7D:3.0.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/09 11:42:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/14 12:16:26 | 000,000,000 | ---D | M]

[2011/04/30 12:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JPT\AppData\Roaming\Mozilla\Extensions

[2012/12/17 21:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JPT\AppData\Roaming\Mozilla\Firefox\Profiles\ezc5jf8s.default\extensions

[2012/09/19 15:08:07 | 000,000,000 | ---D | M] (Lightshot (screenshot tool)) -- C:\Users\JPT\AppData\Roaming\Mozilla\Firefox\Profiles\ezc5jf8s.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}

[2012/05/17 17:01:19 | 000,000,000 | ---D | M] (ImageTools) -- C:\Users\JPT\AppData\Roaming\Mozilla\Firefox\Profiles\ezc5jf8s.default\extensions\matus.uhliar@gmail.com

[2012/05/17 17:01:18 | 000,052,126 | ---- | M] () (No name found) -- C:\Users\JPT\AppData\Roaming\Mozilla\Firefox\Profiles\ezc5jf8s.default\extensions\imagedownload@Merci.chao.xpi

[2012/11/25 11:54:29 | 000,213,316 | ---- | M] () (No name found) -- C:\Users\JPT\AppData\Roaming\Mozilla\Firefox\Profiles\ezc5jf8s.default\extensions\torntv@torntv.com.xpi

[2012/12/09 11:42:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/11/10 13:21:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/11/10 13:21:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2012/11/10 13:21:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2012/11/29 08:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010/10/13 21:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll

[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll

[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll

[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll

[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll

[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll

[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll

[2012/11/29 08:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/11/29 08:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/12/17 21:53:45 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20110430191157.dll (McAfee, Inc.)

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20110430191157.dll (McAfee, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)

O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [autodetect] C:\Program Files (x86)\Zain Broadband\AutoDect.exe ()

O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found

O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)

O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)

O4 - HKCU..\Run: [LightShot] C:\Users\JPT\AppData\Local\Skillbrains\lightshot\LightShot.exe ()

O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C3CBF9B-3EBF-4825-BD49-50682132BF34}: DhcpNameServer = 10.197.100.1 10.197.100.2 10.197.100.3

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B9EE32F-73B7-4AA6-83BE-243642F6FFC1}: NameServer = 192.168.0.1,192.168.1.0

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F441077D-354B-4735-8492-8DB5F2D04732}: NameServer = 86.51.35.24 86.51.34.24

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found

O18:64bit: - Protocol\Filter\ica - No CLSID value found

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/17 21:51:17 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/12/17 10:26:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JPT\Desktop\OTL.exe

[2012/12/14 12:16:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2012/12/14 12:15:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/12/14 11:57:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/12/14 11:41:43 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/12/11 09:38:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/12/11 09:38:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/12/11 09:38:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/12/11 09:38:11 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/12/11 09:37:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/12/11 09:07:03 | 005,011,065 | R--- | C] (Swearware) -- C:\Users\JPT\Desktop\ComboFix.exe

[2012/12/10 13:26:44 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\JPT\Desktop\tdsskiller.exe

[2012/12/09 19:41:00 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\JPT\Desktop\aswMBR.exe

[2012/12/09 19:35:12 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2012/12/09 17:45:36 | 000,000,000 | ---D | C] -- C:\Users\JPT\Documents\malwarebtyes files

[2012/12/09 11:42:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/12/01 16:49:10 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012/11/25 11:54:27 | 000,000,000 | ---D | C] -- C:\Users\JPT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com

[2012/11/25 10:00:12 | 000,000,000 | ---D | C] -- C:\Users\JPT\AppData\Local\MPlayer

[2012/11/25 09:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM Links

[2012/11/25 09:57:30 | 000,000,000 | ---D | C] -- C:\MININT

[2012/11/25 09:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UMPlayer

[2012/11/25 09:57:26 | 000,000,000 | ---D | C] -- C:\Users\JPT\.umplayer

[2012/11/25 09:57:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UMPlayer

[2012/11/23 21:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012/11/23 21:00:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2012/12/18 09:09:17 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/12/18 09:09:17 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/12/18 08:58:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/12/18 08:58:39 | 3016,507,392 | -HS- | M] () -- C:\hiberfil.sys

[2012/12/17 21:53:45 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

[2012/12/17 14:52:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-3661376006-3203812890-1187670099-1000.job

[2012/12/17 10:26:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JPT\Desktop\OTL.exe

[2012/12/17 10:23:01 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\update-sys.job

[2012/12/14 15:40:03 | 000,545,819 | ---- | M] () -- C:\Users\JPT\Desktop\AdwCleaner.exe

[2012/12/14 12:16:26 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[2012/12/12 20:18:23 | 000,459,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/12/11 09:07:33 | 005,011,065 | R--- | M] (Swearware) -- C:\Users\JPT\Desktop\ComboFix.exe

[2012/12/10 13:26:57 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\JPT\Desktop\tdsskiller.exe

[2012/12/10 13:20:35 | 351,269,089 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/12/09 19:41:28 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\JPT\Desktop\aswMBR.exe

[2012/12/09 11:42:51 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/11/25 09:57:28 | 000,000,978 | ---- | M] () -- C:\Users\Public\Desktop\UMPlayer.lnk

[2012/11/23 21:00:32 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2012/12/14 15:39:41 | 000,545,819 | ---- | C] () -- C:\Users\JPT\Desktop\AdwCleaner.exe

[2012/12/14 12:16:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

[2012/12/14 12:16:26 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[2012/12/11 09:38:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/12/11 09:38:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/12/11 09:38:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/12/11 09:38:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/12/11 09:38:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/12/09 19:35:08 | 351,269,089 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/12/09 11:42:51 | 000,001,130 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012/12/09 11:42:51 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/11/25 09:57:28 | 000,000,978 | ---- | C] () -- C:\Users\Public\Desktop\UMPlayer.lnk

[2012/11/23 21:00:32 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/10/20 19:52:45 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2012/05/17 17:03:22 | 000,000,771 | ---- | C] () -- C:\Users\JPT\AppData\Local\UserProducts.xml

[2011/10/27 22:00:07 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI

[2011/05/08 18:48:28 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll

[2011/05/08 18:48:28 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll

[2011/05/01 18:00:36 | 000,735,726 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/04/30 21:49:38 | 000,049,531 | ---- | C] () -- C:\Users\JPT\betting score rev 2.ods

[2011/04/30 14:42:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011/04/30 12:58:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011/01/17 22:14:46 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2011/01/17 22:06:30 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

[2011/01/17 21:54:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/01/17 21:51:31 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/08/05 12:10:44 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\ACD Systems

[2011/10/12 17:01:01 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\Ashampoo

[2011/04/30 17:58:13 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2012/10/28 20:41:54 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\Canon

[2011/04/30 20:38:59 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\ChessBase

[2011/09/17 19:32:29 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\ChessCubeVideoViewer.22A6FA2509F415BF040C756B4D9CC577BC15C17E.1

[2011/05/04 21:59:47 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\Dev-Cpp

[2011/08/18 10:52:22 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\Downloaded Installations

[2011/04/30 19:38:06 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1

[2011/05/11 15:45:10 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\GameMaker

[2011/07/11 15:04:27 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\go

[2011/05/04 20:36:53 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\HomerChess

[2011/08/26 09:42:11 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\ICAClient

[2011/08/18 10:57:52 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\Nitro PDF

[2011/04/30 21:27:26 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\OpenOffice.org

[2011/05/20 17:26:35 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\Softland

[2011/08/18 09:39:45 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\Temp

[2012/06/29 08:08:34 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\TopupSoftware

[2011/04/30 12:49:28 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\Toshiba

[2011/04/30 22:26:11 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\TP

[2011/09/19 19:51:50 | 000,000,000 | ---D | M] -- C:\Users\JPT\AppData\Roaming\WinBatch

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

Hi,

So you are only having the problems in Firefox?

Please go to: VirusTotal

On the page you'll find a "Choose File" button.

Click on the Choose File button.

In the Choose File to Upload window which opens, copy and paste this into the File Name box.

C:\Users\JPT\betting score rev 2.ods

Next, click the Open button.

Then click the "Scan It!" button just below.

This will scan the file. Please be patient.

If you get a message saying File has already been analyzed: click Reanalyze file now

Once scanned, copy and paste the link to the results page in your next reply.

----------

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.