urmaserendipity85

Thank you so much for all your help!

Yeah sorry, I didn't delete the whole of program files, just C:\Program Files\Windows iLivid Toolbar\ as requested earlier. Program files is visible.

Yep, deleted as described :)

Everything seems to be running fine now, happy days :)

Here is the log, I'm using Chrome which doesn't give me an option to save things as different names (or it might do, but I haven't figured it out). If you need me to change the name and re run the scan, that's fine just let me know. ComboFix 11-10-29.03 - Emma 29/10/2011 14:55:13.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1917.1052 [GMT 1:00] Running from: c:\users\Emma\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-29 ))))))))))))))))))))))))))))))) . . 2011-10-29 14:11 . 2011-10-29 14:11 -------- d-----w- c:\users\Emma\AppData\Local\temp 2011-10-29 14:11 . 2011-10-29 14:11 -------- d-----w- c:\users\Public\AppData\Local\temp 2011-10-29 14:11 . 2011-10-29 14:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-29 13:42 . 2011-10-29 13:42 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA8E8011-DDBF-427E-8A00-1F66FCE3E862}\MpKsl85a4ea10.sys 2011-10-29 13:42 . 2011-09-12 15:14 7269712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-10-29 13:41 . 2011-10-29 13:41 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA8E8011-DDBF-427E-8A00-1F66FCE3E862}\offreg.dll 2011-10-29 13:41 . 2011-10-06 19:48 6668624 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA8E8011-DDBF-427E-8A00-1F66FCE3E862}\mpengine.dll 2011-10-29 13:39 . 2011-10-29 13:39 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94466F9E-1D7C-408B-B6AC-B1176AE9FADD}\gapaengine.dll 2011-10-29 12:56 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD7A79F9-7D30-4BEE-856E-85288B3FFCC2}\mpengine.dll 2011-10-25 11:58 . 2011-10-25 11:58 -------- d-----w- c:\program files\iPod 2011-10-25 11:57 . 2011-10-25 12:01 -------- d-----w- c:\program files\iTunes 2011-10-25 11:42 . 2011-10-25 11:42 -------- d-----w- c:\program files\Bonjour 2011-10-21 11:17 . 2011-10-21 11:17 -------- d-----w- c:\program files\ESET 2011-10-21 10:41 . 2011-10-21 10:41 -------- d-----w- c:\program files\Common Files\Java 2011-10-19 19:35 . 2011-10-19 19:35 -------- d-----w- C:\_OTL 2011-10-19 19:29 . 2011-10-19 19:29 -------- d-----w- c:\program files\ERUNT 2011-10-15 12:56 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-15 12:56 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax 2011-10-15 12:56 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax 2011-10-15 12:56 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax 2011-10-15 12:50 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-10-15 12:49 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys 2011-10-15 12:44 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2011-10-15 12:44 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll 2011-10-15 12:44 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-15 12:44 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2011-10-08 14:12 . 2011-10-08 14:12 -------- d-----w- c:\program files\Apple Software Update 2011-10-08 10:09 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-07 17:14 . 2011-10-07 17:14 -------- d-----w- c:\program files\NirSoft 2011-10-03 12:41 . 2011-10-03 12:43 -------- d-----w- c:\program files\QuickTime(223) . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-21 10:39 . 2010-06-02 19:33 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-09-25 18:00 . 2011-09-25 18:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2011-08-30 22:05 . 2011-08-30 22:05 83816 ----a-w- c:\windows\system32\dns-sd.exe 2011-08-30 22:05 . 2011-08-30 22:05 73064 ----a-w- c:\windows\system32\dnssd.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}] 2009-12-20 09:51 87480 ---ha-w- c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2010-10-19 12:53 585136 ---ha-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480] . [HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-29 430080] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-20 39408] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-08-18 17360520] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048] "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-12-06 366400] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-22 1836544] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440] "Skytel"="Skytel.exe" [2007-11-20 1826816] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408] . c:\users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560] ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"="1" . R1 MpKsl0938bf77;MpKsl0938bf77;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20DD8AA2-EFA6-44BD-BC08-A54D67ED8FA1}\MpKsl0938bf77.sys [x] R1 MpKsl11f24382;MpKsl11f24382;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{105F0CE2-10DE-40A7-9C57-C00620345318}\MpKsl11f24382.sys [x] R1 MpKsl1f0b6b75;MpKsl1f0b6b75;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9E20A51D-F7E5-4036-87F9-A9D709DBAEE2}\MpKsl1f0b6b75.sys [x] R1 MpKsl73e8b45d;MpKsl73e8b45d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9AC2CF04-3A19-489A-970B-9096694C7F77}\MpKsl73e8b45d.sys [x] R1 MpKsl79419e93;MpKsl79419e93;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20DD8AA2-EFA6-44BD-BC08-A54D67ED8FA1}\MpKsl79419e93.sys [x] R1 MpKsla09641b8;MpKsla09641b8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F26B0E9A-A110-4094-9CD6-77C24A16BF95}\MpKsla09641b8.sys [x] R1 MpKsld05f167d;MpKsld05f167d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20DD8AA2-EFA6-44BD-BC08-A54D67ED8FA1}\MpKsld05f167d.sys [x] R1 MpKsldc442479;MpKsldc442479;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{69BE6673-3D2C-4B69-BE00-139B76369D54}\MpKsldc442479.sys [x] R1 MpKsle54ac536;MpKsle54ac536;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8FAE9A2-A6F4-4C23-95AB-D0DB707BAA97}\MpKsle54ac536.sys [x] R1 MpKsle56fb53d;MpKsle56fb53d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A01E9465-40B5-4F7A-A883-028AE8484E9D}\MpKsle56fb53d.sys [x] R1 MpKsle6e8eb8d;MpKsle6e8eb8d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11325081-BBB8-4E01-A969-6641850AA0EA}\MpKsle6e8eb8d.sys [x] R1 MpKslf8f46bc6;MpKslf8f46bc6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9DDF9717-B884-4BC6-AD00-BAD70AAEB38B}\MpKslf8f46bc6.sys [x] R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [x] R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 136176] R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 136176] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-09-25 56336] S1 MpKsl85a4ea10;MpKsl85a4ea10;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA8E8011-DDBF-427E-8A00-1F66FCE3E862}\MpKsl85a4ea10.sys [2011-10-29 28752] S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-02-26 390528] S1 RapportCerberus_32029;RapportCerberus_32029;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys [2011-10-18 227312] S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896] S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960] S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392] S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSL85A4EA10 *NewlyCreated* - MPNWMON *NewlyCreated* - NISDRV . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 22:27] . 2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 22:27] . 2011-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1311213406-2224016735-102446658-1000Core.job - c:\users\Emma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 22:41] . 2011-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1311213406-2224016735-102446658-1000UA.job - c:\users\Emma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 22:41] . 2011-10-25 c:\windows\Tasks\Norton Security Scan for Emma.job - c:\program files\Norton Security Scan\Engine\3.0.0.103\Nss.exe [2011-03-11 07:25] . 2010-12-17 c:\windows\Tasks\User_Feed_Synchronization-{2BBCE6FC-CF1E-4531-9799-2F8987D23650}.job - c:\windows\system32\msfeedssync.exe [2011-04-20 18:47] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.bbc.co.uk/news/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab . - - - - ORPHANS REMOVED - - - - . AddRemove-Searchqu 406 MediaBar - c:\program files\Windows iLivid Toolbar\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-10-29 15:11 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????T]r{?????V???V???V?0 V?X . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1311213406-2224016735-102446658-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:6a,5a,7f,45,13,e2,e3,ed,a2,a0,37,a5,1d,7c,05,a3,85,ae,4c,6e,8a,02,45, ac,1b,62,26,69,8e,02,e8,1d,06,95,80,70,8d,fe,c4,53,c0,26,0f,a4,bf,94,23,6a,\ "??"=hex:d0,ee,24,fc,75,ba,cc,21,f2,c6,67,5b,68,3a,c8,40 . [HKEY_USERS\S-1-5-21-1311213406-2224016735-102446658-1000\Software\SecuROM\License information*] "datasecu"=hex:8a,fb,d8,b4,5b,e0,e5,6c,29,fd,a5,e2,bd,57,d5,d3,38,07,6f,58,b2, e2,68,2b,e1,f4,31,00,b1,5b,64,7f,76,66,bd,87,bf,63,25,e7,17,c2,93,11,f3,04,\ "rkeysecu"=hex:c4,d8,62,62,b5,39,e9,12,16,00,12,5e,21,55,f6,49 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(19800) c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . Completion time: 2011-10-29 15:17:28 ComboFix-quarantined-files.txt 2011-10-29 14:17 . Pre-Run: 10,064,330,752 bytes free Post-Run: 10,001,604,608 bytes free . - - End Of File - - 4EED5936B439E47E2C100B2A5ACD0E8E The fan is running, and I never use my laptop on anything but a hard surface. I deleted trusteer from program files, as well as the file you suggested while in safe mode, and it now seems to be starting ok again. Could it have been switching itself off because it was in safe mode? Everything seems ok again now. I don't understand technology sometimes... :)

also, computer keeps turning itself off every 10 minutes or so. It feels very hot when it does this, and my cooling pad recently broke. is it likely to be to do with this? and how do I fix it without another cooling pad? thanks :)

Tried to do the above, and getting the BSOD continuously again. This seems to be very intermittent, but is also very annoying and very inconvenient. Any suggestions for preventing this from happening in the future? Thanks

here we are: SystemLook 30.07.11 by jpshortstuff Log created at 12:39 on 25/10/2011 by Emma Administrator - Elevation successful ========== folderfind ========== Searching for "*Program*" C:\Program Files dr-h--- [11:18 02/11/2006] C:\ProgramData d------ [11:18 02/11/2006] C:\ProgramData\Microsoft\Windows\Start Menu\Programs dr----- [11:18 02/11/2006] C:\Users\All Users\Microsoft\Windows\Start Menu\Programs dr----- [11:18 02/11/2006] C:\Users\Default\AppData\Roaming\Media Center Programs d------ [12:37 02/11/2006] C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs d------ [11:18 02/11/2006] C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData d------ [12:06 21/10/2011] C:\Users\Emma\AppData\Local\VirtualStore\Program Files dr----- [11:18 02/11/2006] C:\Users\Emma\AppData\Local\VirtualStore\ProgramData d--h--- [11:18 02/11/2006] C:\Users\Emma\AppData\Roaming\Media Center Programs d------ [17:46 20/07/2009] C:\Users\Emma\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\66DWBDJ5\http://www.channel4.com\static\programmes d------ [13:31 22/10/2011] C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs dr----- [17:46 20/07/2009] C:\Windows\Downloaded Program Files d---s-- [11:18 02/11/2006] C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs d------ [12:47 02/11/2006] C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs d------ [12:47 02/11/2006] C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs d------ [12:47 02/11/2006] C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs d------ [12:47 02/11/2006] C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs d------ [14:56 09/05/2010] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program d------ [12:55 02/11/2006] C:\Windows\winsxs\x86_microsoft-windows-h..-programs.resources_31bf3856ad364e35_6.0.6000.16386_en-us_9695d7ef4bd79eb0 d------ [12:41 02/11/2006] C:\_OTL\MovedFiles\10192011_203539\C_Program Files d------ [19:36 19/10/2011] C:\_OTL\MovedFiles\10192011_203539\C_Windows\Downloaded Program Files d------ [19:36 19/10/2011] -= EOF =-

I can't seem to find that folder, in fact I can't seem to find program files on the C drive! Computer is running fine now, do I need to do anything about Trusteer? Thanks so much for all your help, Emma

Updated Java, and ESET found no threats. OTL fix log: Error: Unable to interpret <:File> in the current context!Error: Unable to interpret <C:\Program Files\Windows iLivid Toolbar\> in the current context! OTL by OldTimer - Version 3.2.31.0 log created on 10212011_115710 OTL scan log: OTL logfile created on: 21/10/2011 11:58:04 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Emma\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.87 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 46.24% Memory free 3.98 Gb Paging File | 2.49 Gb Available in Paging File | 62.49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74.22 Gb Total Space | 9.80 Gb Free Space | 13.21% Space Free | Partition Type: NTFS Drive D: | 73.36 Gb Total Space | 25.35 Gb Free Space | 34.55% Space Free | Partition Type: NTFS Computer Name: EMMAD | User Name: Emma | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Emma\Downloads\OTL (1).exe (OldTimer Tools) PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.) PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) PRC - C:\Users\Emma\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Users\Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC) PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe () PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) PRC - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) PRC - C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA) PRC - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll () MOD - C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\ppgooglenaclpluginchrome.dll () MOD - C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll () MOD - C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\avutil-51.dll () MOD - C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\avformat-53.dll () MOD - C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\avcodec-53.dll () MOD - C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll () MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll () MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3489.18174__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3489.18174__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3489.18178__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3489.18174__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3489.18085__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3489.18159__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3489.18067__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3489.18086__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3489.18140__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3489.18122__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3489.18080__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3489.18109__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3489.18075__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3489.18160__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3489.18127__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3489.18075__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3489.18127__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3489.18126__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3489.18158__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3489.18111__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3489.18076__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3489.18135__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3489.18086__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3489.18120__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3489.18111__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3489.18120__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3489.18087__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3489.18106__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3489.18110__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3489.18121__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3489.18091__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3489.18109__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3489.18090__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3489.18121__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3489.18110__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3489.18186__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3489.18167__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll () MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3489.18063__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3489.18080__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3489.18154__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3489.18152__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3489.18148__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3489.18065__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3489.18066__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3489.18071__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3489.18065__90ba9c70f846762e\ATIDEMOS.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3489.18064__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3489.18063__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3489.18153__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () MOD - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe () MOD - C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll () MOD - C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll () MOD - C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll () MOD - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeXMP.dll () MOD - C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll () MOD - c:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll () ========== Win32 Services (SafeList) ========== SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TosCoSrv) -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (TOSHIBA SMART Log Service) -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (MpKslc07d2051) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B60D59DA-8031-4B16-A490-A443A9C4AB1B}\MpKslc07d2051.sys (Microsoft Corporation) DRV - (MpKsla96b90df) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B60D59DA-8031-4B16-A490-A443A9C4AB1B}\MpKsla96b90df.sys (Microsoft Corporation) DRV - (RapportCerberus_32029) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys () DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.) DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.) DRV - (RapportKELL) -- C:\Windows\System32\Drivers\RapportKELL.sys (Trusteer Ltd.) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (RapportBuka) -- C:\Windows\System32\drivers\RapportBuka.sys (Trusteer Ltd.) DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation ) DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows ® Codename Longhorn DDK provider) DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1311213406-2224016735-102446658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes] IE - HKU\S-1-5-21-1311213406-2224016735-102446658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news/ IE - HKU\S-1-5-21-1311213406-2224016735-102446658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1311213406-2224016735-102446658-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1311213406-2224016735-102446658-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Emma\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Emma\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) [2011/09/18 11:43:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emma\AppData\Roaming\Mozilla\Extensions [2009/07/21 19:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emma\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org [2011/09/18 11:43:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/08/26 17:20:19 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011/07/10 10:43:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/09/14 13:41:12 | 000,002,506 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Emma\AppData\Roaming\Mozilla\plugins\np-mswmp.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll () O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll () O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1311213406-2224016735-102446658-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1311213406-2224016735-102446658-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1311213406-2224016735-102446658-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-1311213406-2224016735-102446658-1000\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B9C3F09-4BD6-480F-BF26-4E5DC5A315CE}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) -C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC) O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) -C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: D:\Pictures\2011\8. August\13th August (15).JPG O24 - Desktop BackupWallPaper: D:\Pictures\2011\8. August\13th August (15).JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/10/21 11:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011/10/21 11:40:44 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011/10/21 11:40:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011/10/21 11:40:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011/10/20 20:13:45 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Local\{F2DC8DFC-D226-42C5-A83D-208A5B2E68BF} [2011/10/20 20:13:20 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Local\{D3FD93FF-DA8D-4923-8BE2-9DBA7A854F0C} [2011/10/19 20:35:39 | 000,000,000 | ---D | C] -- C:\_OTL [2011/10/19 20:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011/10/19 20:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2011/10/16 19:01:56 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011/10/16 19:01:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011/10/16 19:01:49 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011/10/16 19:01:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011/10/16 19:01:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011/10/15 13:56:06 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2011/10/15 13:56:04 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2011/10/15 13:56:03 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax [2011/10/15 13:56:00 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax [2011/10/15 13:49:52 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011/10/15 13:44:51 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll [2011/10/15 13:44:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll [2011/10/08 15:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011/10/08 15:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011/10/08 15:22:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011/10/08 15:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011/10/08 15:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2011/10/08 15:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011/10/08 11:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/10/08 11:09:31 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011/10/07 18:14:26 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView [2011/10/07 18:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft [2011/10/03 13:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(208) [2011/10/03 13:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(209) [2011/10/03 13:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour(7) [2011/10/03 13:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime(223) [2011/10/03 13:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update(6) [2011/09/26 19:26:02 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\WinBatch [2011/09/25 19:00:08 | 000,056,336 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys ========== Files - Modified Within 30 Days ========== [2011/10/21 11:54:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/10/21 11:48:04 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1311213406-2224016735-102446658-1000UA.job [2011/10/21 11:39:38 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011/10/21 11:39:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011/10/21 11:39:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011/10/21 11:39:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011/10/21 11:10:47 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/10/21 11:10:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/10/21 11:10:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/10/21 11:09:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/10/21 03:27:52 | 000,067,373 | ---- | M] () -- C:\Users\Emma\Desktop\196835_10150108699848173_686583172_6587110_7339925_n.jpg [2011/10/21 03:04:50 | 000,002,133 | ---- | M] () -- C:\Windows\epplauncher.mif [2011/10/21 03:04:35 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/10/21 03:04:35 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/10/20 17:55:38 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Emma.job [2011/10/20 12:48:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1311213406-2224016735-102446658-1000Core.job [2011/10/19 20:29:13 | 000,000,918 | ---- | M] () -- C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011/10/19 20:29:11 | 000,000,738 | ---- | M] () -- C:\Users\Emma\Desktop\NTREGOPT.lnk [2011/10/19 20:29:11 | 000,000,719 | ---- | M] () -- C:\Users\Emma\Desktop\ERUNT.lnk [2011/10/19 20:28:06 | 000,000,512 | ---- | M] () -- C:\Users\Emma\Desktop\MBR.dat [2011/10/19 20:15:12 | 186,751,378 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011/10/19 19:56:54 | 000,001,356 | ---- | M] () -- C:\Users\Emma\AppData\Local\d3d9caps.dat [2011/10/17 18:15:49 | 000,447,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/10/15 14:04:17 | 000,001,669 | ---- | M] () -- C:\Users\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk [2011/10/08 15:24:28 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011/10/08 15:16:55 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011/10/08 11:50:17 | 000,002,042 | ---- | M] () -- C:\Users\Emma\Desktop\Google Chrome.lnk [2011/10/08 11:50:17 | 000,002,004 | ---- | M] () -- C:\Users\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011/10/08 11:09:38 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/09/25 19:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys ========== Files Created - No Company Name ========== [2011/10/21 03:28:02 | 000,067,373 | ---- | C] () -- C:\Users\Emma\Desktop\196835_10150108699848173_686583172_6587110_7339925_n.jpg [2011/10/21 03:04:22 | 000,001,813 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2011/10/19 20:29:13 | 000,000,918 | ---- | C] () -- C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011/10/19 20:29:11 | 000,000,738 | ---- | C] () -- C:\Users\Emma\Desktop\NTREGOPT.lnk [2011/10/19 20:29:11 | 000,000,719 | ---- | C] () -- C:\Users\Emma\Desktop\ERUNT.lnk [2011/10/19 20:28:06 | 000,000,512 | ---- | C] () -- C:\Users\Emma\Desktop\MBR.dat [2011/10/15 14:04:17 | 000,001,669 | ---- | C] () -- C:\Users\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk [2011/10/08 15:24:28 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011/10/08 15:16:55 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011/10/08 11:09:38 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/09/28 21:01:34 | 186,751,378 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011/07/04 19:48:51 | 000,000,000 | ---- | C] () -- C:\Users\Emma\AppData\Local\{971E2D65-42E5-4715-98F3-613D78005FD8} [2011/07/03 12:44:55 | 000,000,000 | ---- | C] () -- C:\Users\Emma\AppData\Local\{23BE781A-F9BF-4898-B4E3-ACA1D0C0F4B9} [2010/07/19 20:47:48 | 000,001,356 | ---- | C] () -- C:\Users\Emma\AppData\Local\d3d9caps.dat [2010/05/09 15:58:43 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll [2010/05/09 15:58:43 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll [2010/05/09 15:58:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll [2010/05/09 15:58:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll [2010/05/09 15:58:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll [2010/05/09 15:58:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll [2010/05/06 16:27:57 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2010/05/06 16:27:57 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2010/04/04 22:22:28 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2010/04/04 22:22:28 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2010/02/11 00:14:01 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010/02/11 00:14:00 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe [2010/02/11 00:14:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010/02/11 00:14:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010/02/11 00:14:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010/01/14 03:41:00 | 000,309,248 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2010/01/14 03:38:00 | 000,023,552 | ---- | C] () -- C:\Windows\System32\DirectCOM.dll [2009/09/20 11:40:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/09/19 11:11:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009/09/11 11:59:25 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/09/11 11:59:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009/07/21 19:55:24 | 000,157,184 | ---- | C] () -- C:\Users\Emma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/07/21 17:39:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009/07/20 18:54:24 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll [2009/07/20 18:52:23 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2009/07/20 18:52:23 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2009/07/20 18:52:23 | 000,009,484 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2009/07/20 18:52:23 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2009/04/23 22:29:16 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008/02/22 12:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008/02/22 12:16:45 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008/02/22 12:16:45 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008/02/22 12:16:45 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008/02/22 12:16:45 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008/02/22 12:16:45 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008/02/22 12:16:45 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2008/02/22 11:27:58 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008/02/22 11:26:12 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008/02/22 11:26:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008/01/28 18:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll [2008/01/28 18:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll [2008/01/28 17:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll [2008/01/28 17:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll [2008/01/28 17:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll [2008/01/28 17:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll [2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 13:47:37 | 000,447,136 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 11:33:01 | 000,598,096 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 11:33:01 | 000,105,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat < End of report > Thanks!

Ok, here we go (turned out OTL was just taking its sweet time). 1. aswMBR: aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software Run date: 2011-10-19 20:25:10 ----------------------------- 20:25:10.073 OS Version: Windows 6.0.6002 Service Pack 2 20:25:10.073 Number of processors: 2 586 0x6802 20:25:10.075 ComputerName: EMMAD UserName: Emma 20:25:26.182 Initialize success 20:25:40.416 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 20:25:40.420 Disk 0 Vendor: TOSHIBA_MK1652GSX LV010M Size: 152627MB BusType: 3 20:25:42.468 Disk 0 MBR read successfully 20:25:42.471 Disk 0 MBR scan 20:25:42.474 Disk 0 Windows VISTA default MBR code 20:25:42.484 Disk 0 scanning sectors +312578048 20:25:42.638 Disk 0 scanning C:\Windows\system32\drivers 20:26:23.855 Service scanning 20:26:32.786 Modules scanning 20:27:19.582 Disk 0 trace - called modules: 20:27:19.631 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys 20:27:19.636 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8945cac8] 20:27:19.642 3 CLASSPNP.SYS[8bf198b3] -> nt!IofCallDriver -> [0x894698f8] 20:27:19.647 5 acpi.sys[86e0c6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8944fb98] 20:27:19.999 Scan finished successfully 20:28:06.870 Disk 0 MBR has been saved successfully to "C:\Users\Emma\Desktop\MBR.dat" 20:28:06.904 The log file has been saved successfully to "C:\Users\Emma\Desktop\aswMBR.txt" 2. ERUNT: I ran it, everything was fine, but after rebooting following OTL, I have the following error message: Unable to create file: C:\Windows\ERDNT\AutoBackup\19-10-2011\ERDNT.INF Registry backup will continue, but no restore information for the ERDNT program will be saved. This means that later restoration of the registry can only be done manually, by using another OS to copy back the files. Not sure why this only came up after rebooting, hope it doesn't mean anything sinister. Everything seems to be working fine anyway. 3. Searchqu toolbar wasn't there. 4. OTL: All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. File C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Blubster deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NapsterShell deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{76577871-04EC-495E-A12B-91F7C3600AFA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76577871-04EC-495E-A12B-91F7C3600AFA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ not found. Starting removal of ActiveX control {A8F2B9BD-A6A0-486A-9744-18920D898429} C:\Windows\Downloaded Program Files\SETUP.INF moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\Windows\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Starting removal of ActiveX control 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware\\"DisableMonitoring" | 1 /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Emma ->Temp folder emptied: 37635324 bytes ->Temporary Internet Files folder emptied: 1735429975 bytes ->Java cache emptied: 55768868 bytes ->Google Chrome cache emptied: 12184172 bytes ->Flash cache emptied: 252330 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 351483684 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 2419034344 bytes Total Files Cleaned = 4,398.00 mb OTL by OldTimer - Version 3.2.31.0 log created on 10192011_203539 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Hope this helps, thanks so much (and hope I haven't screwed it up!)

Thanks, nearly done. Quick question: OTL has stopped responding, and the only thing left in the dialogue box is [EmptyTemp]. Is it doing anything or has it frozen? And if it's frozen what do I do? At the moment there is nothing else on the desktop; no start menu or icons. So I'm loathe to close down the program either with task manager or by turning off the laptop without checking just in case I lose something. Hoping someone reads this soon as it's gonna be hard to sleep with this machine buzzing away (plus my cooling pad has broken and it might overheat) Thanks in advance!

OK computer switched itself off from safe mode. Tried booting normally and it worked, so have been able to do the scans. Here are the logs. Is it worth uninstalling rapport? Malwarebytes' Anti-Malware 1.51.2.1300 http://www.malwarebytes.org Database version: 7899 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 08/10/2011 15:32:11 mbam-log-2011-10-08 (15-32-10).txt Scan type: Full scan (C:\|D:\|E:\|) Objects scanned: 383621 Time elapsed: 4 hour(s), 12 minute(s), 35 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) OTL: OTL logfile created on: 15/10/2011 13:43:30 - Run 1 OTL by OldTimer - Version 3.2.30.0 Folder = C:\Users\Emma\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.87 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 30.06% Memory free 3.99 Gb Paging File | 2.28 Gb Available in Paging File | 57.10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74.22 Gb Total Space | 6.16 Gb Free Space | 8.30% Space Free | Partition Type: NTFS Drive D: | 73.36 Gb Total Space | 25.17 Gb Free Space | 34.31% Space Free | Partition Type: NTFS Computer Name: EMMAD | User Name: Emma | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Emma\Downloads\OTL (1).scr (OldTimer Tools) PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.) PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) PRC - C:\Users\Emma\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Users\Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC) PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe () PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) PRC - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) PRC - C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA) PRC - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\ppgooglenaclpluginchrome.dll () MOD - C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll () MOD - C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\avutil-51.dll () MOD - C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\avformat-53.dll () MOD - C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\avcodec-53.dll () MOD - C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll () MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll () MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () MOD - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe () MOD - C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll () MOD - C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll () MOD - C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll () MOD - C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll () MOD - c:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll () ========== Win32 Services (SafeList) ========== SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TosCoSrv) -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (TOSHIBA SMART Log Service) -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.) DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.) DRV - (RapportKELL) -- C:\Windows\System32\Drivers\RapportKELL.sys (Trusteer Ltd.) DRV - (RapportCerberus_29574) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys () DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (RapportBuka) -- C:\Windows\System32\drivers\RapportBuka.sys (Trusteer Ltd.) DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation ) DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows ® Codename Longhorn DDK provider) DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Emma\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Emma\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) [2011/09/18 11:43:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emma\AppData\Roaming\Mozilla\Extensions [2009/07/21 19:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emma\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org [2011/09/18 11:43:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/08/26 17:20:19 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011/07/10 10:43:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/09/14 13:41:12 | 000,002,506 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Emma\AppData\Roaming\Mozilla\plugins\np-mswmp.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll () O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll () O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [blubster] C:\Program Files\Blubster\Blubster.exe SILENT File not found O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () O4 - Startup: C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 File not found O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B9C3F09-4BD6-480F-BF26-4E5DC5A315CE}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) -C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC) O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) -C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: D:\Pictures\2011\8. August\13th August (15).JPG O24 - Desktop BackupWallPaper: D:\Pictures\2011\8. August\13th August (15).JPG O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/10/08 15:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011/10/08 15:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011/10/08 15:22:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011/10/08 15:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011/10/08 15:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2011/10/08 15:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011/10/08 11:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/10/08 11:09:31 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011/10/07 18:14:26 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView [2011/10/07 18:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft [2011/10/03 13:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(208) [2011/10/03 13:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(209) [2011/10/03 13:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour(7) [2011/10/03 13:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime(223) [2011/10/03 13:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update(6) [2011/09/26 19:26:02 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\WinBatch [2011/09/25 19:00:08 | 000,056,336 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys [2011/09/18 12:44:41 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/10/15 14:04:17 | 000,001,669 | ---- | M] () -- C:\Users\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk [2011/10/15 13:48:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1311213406-2224016735-102446658-1000UA.job [2011/10/15 13:46:14 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/10/15 13:40:07 | 000,002,133 | ---- | M] () -- C:\Windows\epplauncher.mif [2011/10/15 13:39:52 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/10/15 13:39:52 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/10/15 13:25:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/10/15 13:25:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/10/15 13:25:32 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/10/15 13:25:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/10/15 13:13:27 | 190,560,658 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011/10/11 18:25:08 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Emma.job [2011/10/11 12:48:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1311213406-2224016735-102446658-1000Core.job [2011/10/08 15:24:28 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011/10/08 15:16:55 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011/10/08 11:50:17 | 000,002,042 | ---- | M] () -- C:\Users\Emma\Desktop\Google Chrome.lnk [2011/10/08 11:50:17 | 000,002,004 | ---- | M] () -- C:\Users\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011/10/08 11:09:38 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/09/25 19:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/10/15 14:04:17 | 000,001,669 | ---- | C] () -- C:\Users\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk [2011/10/15 13:39:30 | 000,001,813 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2011/10/08 15:24:28 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011/10/08 15:16:55 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011/10/08 11:09:38 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/09/28 21:01:34 | 190,560,658 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011/09/18 12:44:49 | 000,002,042 | ---- | C] () -- C:\Users\Emma\Desktop\Google Chrome.lnk [2011/09/18 12:44:49 | 000,002,004 | ---- | C] () -- C:\Users\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011/09/18 12:43:27 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1311213406-2224016735-102446658-1000UA.job [2011/09/18 12:43:26 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1311213406-2224016735-102446658-1000Core.job [2011/07/04 19:48:51 | 000,000,000 | ---- | C] () -- C:\Users\Emma\AppData\Local\{971E2D65-42E5-4715-98F3-613D78005FD8} [2011/07/03 12:44:55 | 000,000,000 | ---- | C] () -- C:\Users\Emma\AppData\Local\{23BE781A-F9BF-4898-B4E3-ACA1D0C0F4B9} [2010/07/19 20:47:48 | 000,000,680 | ---- | C] () -- C:\Users\Emma\AppData\Local\d3d9caps.dat [2010/05/09 15:58:43 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll [2010/05/09 15:58:43 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll [2010/05/09 15:58:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll [2010/05/09 15:58:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll [2010/05/09 15:58:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll [2010/05/09 15:58:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll [2010/05/06 16:27:57 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2010/05/06 16:27:57 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2010/04/04 22:22:28 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2010/04/04 22:22:28 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2010/02/11 00:14:01 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010/02/11 00:14:00 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe [2010/02/11 00:14:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010/02/11 00:14:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010/02/11 00:14:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010/01/14 03:41:00 | 000,309,248 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2010/01/14 03:38:00 | 000,023,552 | ---- | C] () -- C:\Windows\System32\DirectCOM.dll [2009/09/20 11:40:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/09/19 11:11:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009/09/11 11:59:25 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/09/11 11:59:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009/07/21 19:55:24 | 000,157,184 | ---- | C] () -- C:\Users\Emma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/07/21 17:39:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009/07/20 18:54:24 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll [2009/07/20 18:52:23 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2009/07/20 18:52:23 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2009/07/20 18:52:23 | 000,009,484 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2009/07/20 18:52:23 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2009/04/23 22:29:16 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008/02/22 12:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008/02/22 12:16:45 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008/02/22 12:16:45 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008/02/22 12:16:45 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008/02/22 12:16:45 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008/02/22 12:16:45 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008/02/22 12:16:45 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2008/02/22 11:27:58 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008/02/22 11:26:12 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008/02/22 11:26:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008/01/28 18:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll [2008/01/28 18:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll [2008/01/28 17:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll [2008/01/28 17:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll [2008/01/28 17:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll [2008/01/28 17:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll [2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 13:47:37 | 000,447,136 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 11:33:01 | 000,598,096 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 11:33:01 | 000,105,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010/05/28 09:48:18 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Amazon [2010/11/30 23:10:59 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\BitTorrent [2011/03/11 11:28:36 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\BitZipper [2011/10/15 13:27:29 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Dropbox [2011/10/12 00:34:57 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\FrostWire [2009/08/04 20:32:10 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\GARMIN [2009/10/04 14:35:47 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\GetRightToGo [2010/10/24 22:49:23 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\LimeWire [2010/05/27 03:29:54 | 000,000,000 | -HSD | M] -- C:\Users\Emma\AppData\Roaming\lkfhff [2009/11/25 21:38:42 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\OpenOffice.org [2010/05/09 16:05:38 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\SPSSInc [2009/07/21 17:57:04 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Toshiba [2009/09/18 14:36:09 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Trusteer [2011/09/26 19:26:02 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\WinBatch [2011/03/29 22:36:52 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Windows Live Writer [2011/10/12 00:37:23 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010/12/17 20:41:18 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2BBCE6FC-CF1E-4531-9799-2F8987D23650}.job ========== Purity Check ========== ========== Custom Scans ========== < :OTL > < SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) Google Update Service (gupdatem) > < SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate) > < MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk - Reg Error: Value error. - File not found > < O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll () > < O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll () > < O4 - HKLM..\Run: [startNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found > < :files > < C:\Program Files\StartNow Toolbar\ > < :reg > < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] > < "AntiVirusOverride" = 0 > < End of report > OTL Extras logfile created on: 15/10/2011 13:43:30 - Run 1 OTL by OldTimer - Version 3.2.30.0 Folder = C:\Users\Emma\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.87 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 30.06% Memory free 3.99 Gb Paging File | 2.28 Gb Available in Paging File | 57.10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74.22 Gb Total Space | 6.16 Gb Free Space | 8.30% Space Free | Partition Type: NTFS Drive D: | 73.36 Gb Total Space | 25.17 Gb Free Space | 34.31% Space Free | Partition Type: NTFS Computer Name: EMMAD | User Name: Emma | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{312B7C3B-3EEF-4AA8-9A90-F542923B5640}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{62B2CC77-1C7B-4524-A8D2-C38F632D9AAD}" = lport=2869 | protocol=6 | dir=in | app=system | "{B5C369F0-0018-4B5E-834E-49E5238F22E7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{CFD2D193-D7C9-42FF-A9E9-D808432368B9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{D57C1188-F186-4B9F-BEDE-490F84A78833}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{008EDA79-C101-46B9-B1C5-D78DE3F83DA4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{079B959D-B0F4-4D97-94F4-D9D0BE1A6E53}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | "{0D65508F-377D-4395-954E-B0914F53FA7D}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "{0F989579-D4C9-4983-8478-A76CE046DFD9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{17106A8F-F048-479C-ADFC-2462594BBB3C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{224799D3-77B5-4B25-855D-BFBB3CF36803}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{288B9BD3-AC85-4ECA-BCC6-7AD76F48F3DF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{34550870-51C5-4798-AA08-B767D02986D8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{3CF9548A-4AAD-447E-8F5A-FFD28ABBA6B9}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{4294FFBC-CEFB-440F-AE07-E1B26C0E4640}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | "{4F202009-BADC-44DE-8667-F0EFF6AE972C}" = protocol=17 | dir=in | app=e:\x86\ibiscont.exe | "{567AD9C2-D06F-42D0-B209-1F76497344D7}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{5B931ED2-4C67-4935-B58D-7F45A3996B05}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | "{600C80D8-E9BC-4BC9-8EE3-51B98F51C87B}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "{6C001B1D-24C3-4404-A5A1-0F9F74BAECEB}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe | "{7CA2AF7F-AED9-432A-B91B-2CA3C39B151C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7ECD591B-8A2B-4CEB-8728-0A86F3FB59D2}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{8B417116-F88D-4C1B-B382-8FFB0E984041}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | "{8BC199E1-0858-4882-8C5F-4D93E5F78768}" = protocol=6 | dir=in | app=e:\x86\ibiscont.exe | "{8BDD235D-69FD-4308-8A25-8DD686132512}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{90CD9A23-C34C-4F1E-92A7-7C6268404358}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{90CF54A7-E115-4A11-8606-C8F4C247D9F5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{9291C2AC-D561-4B81-890F-B023A7DAB8A7}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe | "{A1EE3DF7-552B-465E-A861-C19D7028C739}" = protocol=17 | dir=in | app=c:\users\emma\appdata\roaming\dropbox\bin\dropbox.exe | "{A5417FB6-1B59-449A-8ACF-DDA704FF052A}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe | "{A6E15514-0395-46BF-A0B0-8CBF745E2967}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{AF03C0D3-08CF-41D1-9ECE-6444436F6F3A}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "{B7680F72-54D0-4060-BBEE-15FC76D31A3F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{BF769642-04E7-4F35-A8D3-901BCBACEDA8}" = protocol=6 | dir=in | app=c:\program files\blubster\blubster.exe | "{D93EA8F8-E2A0-4C76-8248-0BFFB178FAF2}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe | "{DE5B7B4F-F7ED-45C7-BF6E-65130C7F6B0F}" = protocol=6 | dir=in | app=c:\users\emma\appdata\roaming\dropbox\bin\dropbox.exe | "{E31120E0-FF05-4AEF-83A6-390BC9A5D938}" = dir=in | app=c:\program files\itunes\itunes.exe | "{E459D302-BF72-47F8-A9B4-B102548AA074}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe | "{E7F8D8D7-B4B8-4E8C-83AB-980F143A677F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{EBB5552F-ADAC-4A41-838C-9804FA03F463}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "{EC1AB87E-7670-4FC5-B060-35FFAF4A19F1}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe | "{F00D0905-F5D7-4FBB-9D31-B7C4BB78C369}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F279F593-8DD5-4B89-82E7-398090008A68}" = protocol=17 | dir=in | app=c:\program files\blubster\blubster.exe | "TCP Query User{08731F5E-ED2D-4A88-83D8-22301C1E5C38}C:\users\emma\appdata\local\microsoft\windows\temporary internet files\content.ie5\d955j738\calc[1].exe" = protocol=6 | dir=in | app=c:\users\emma\appdata\local\microsoft\windows\temporary internet files\content.ie5\d955j738\calc[1].exe | "TCP Query User{10526125-5B04-47AC-8C46-5D0C9E19B344}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "TCP Query User{129B22CF-D82D-44A9-8A9C-A182619CA862}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | "TCP Query User{383DD9C7-8F61-4A1C-AD83-629FD0E855B2}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{5BB6B90C-87C7-4B5D-BA76-1E10143104AD}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{5CCBD9E0-63D6-4D8C-8E76-859BE0763DB5}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "TCP Query User{84269020-C4C3-47B4-B0FA-2D7DC3E31698}C:\program files\blubster\blubster.exe" = protocol=6 | dir=in | app=c:\program files\blubster\blubster.exe | "TCP Query User{8B8175F8-3CAB-4250-9AEA-14087425F591}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{9C098753-8275-4EAD-90BF-963EA38860F1}C:\users\emma\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\emma\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{BE53257E-6059-40EB-B92F-4462A3B9ADAD}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{D64DAE81-FA17-4BC0-AD84-4AFD4A57110D}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe | "TCP Query User{DB3AC263-EDD2-4FA6-8282-F1437390FB0E}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe | "UDP Query User{448D2F00-0523-420F-8159-79F0EBD95332}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{6032915F-499A-47E8-A5D6-CA7A4FAB1540}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "UDP Query User{78043723-FCB1-4AF4-8EF1-8A72DD71A004}C:\users\emma\appdata\local\microsoft\windows\temporary internet files\content.ie5\d955j738\calc[1].exe" = protocol=17 | dir=in | app=c:\users\emma\appdata\local\microsoft\windows\temporary internet files\content.ie5\d955j738\calc[1].exe | "UDP Query User{7CAA3B2F-38E9-4FE7-8975-321B4EFF9146}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "UDP Query User{7EE9B796-C1A5-4A17-B2F6-1328C8B5E176}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe | "UDP Query User{B370747E-0C31-4E34-8D94-2401136B871B}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | "UDP Query User{C353B1D6-919F-4F8C-94FC-119A61B30CD3}C:\users\emma\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\emma\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{C802F48E-1A05-4E54-AFE8-F32FAA0B0203}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{C8AC80A6-FD3A-413F-B9CE-F7C5AA62E084}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{E76A913A-66A5-4F66-BE07-4C89E681EC05}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe | "UDP Query User{E82B07AD-D8BE-4018-A0EF-30DCE08A2EE3}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{F2685BB2-24E6-46A2-BC91-BBAF988CAF03}C:\program files\blubster\blubster.exe" = protocol=17 | dir=in | app=c:\program files\blubster\blubster.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library "{0AFC55D4-9CDF-B140-2E4F-0B818B9B8C0E}" = CCC Help Italian "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0DE39AB6-D1BF-535C-F342-2F9986801936}" = CCC Help Japanese "{0F4F4815-76AD-4B26-8763-72F3344041C2}" = TOSHIBA Manuals "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{226EA3C9-0EAF-9546-46C4-F2FF55F7A6F1}" = CCC Help Dutch "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{22980C46-EBB6-C22C-016A-E0CFAC15118B}" = CCC Help Czech "{250755EE-312C-3B38-1BAF-501A71A3851D}" = CCC Help Turkish "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 26 "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety "{30D71FC9-E909-330C-57F9-C649C8837AA5}" = CCC Help Greek "{3154CFC9-2E4F-B839-2944-2A27200B4D64}" = CCC Help Swedish "{32FEA42D-3A59-49D9-8A2F-A3E2D8E663DF}" = SPSS SmartViewer 15.0 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{361D8754-326D-B7CC-8DC7-95966DD01ED4}" = Catalyst Control Center Graphics Previews Common "{36E89A40-DD04-239B-A69E-532A27547089}" = CCC Help English "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba "{37EC24B2-2E75-0AEB-F8A1-12A0C7EB5EED}" = Catalyst Control Center InstallProxy "{37FD8D84-7B88-6B5A-376A-34E2B7C28816}" = ccc-core-static "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E73E80C-2C31-3CCB-735F-D611C3230893}" = ccc-utility "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources "{4807FDA4-7AF3-66CA-C167-779A333D6FFC}" = Catalyst Control Center Localization All "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS "{5A154586-7AEB-4305-3B12-D73F0886B839}" = Catalyst Control Center HydraVision Full "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{5DF79887-598B-DE65-9755-4B7D8C3D87BE}" = CCC Help Chinese Standard "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{61A0F92B-89A0-F7AD-4CA2-97991862EB10}" = CCC Help Hungarian "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{687E8557-CBF3-A7FF-33EC-00BE6266BFAA}" = CCC Help Russian "{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes "{6A44A28A-5D79-8100-7BDF-FB637E62715B}" = CCC Help Polish "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72FA4B28-3A99-1533-0E7C-94E6D20CD1A8}" = CCC Help Chinese Traditional "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree "{7CA26B08-BEFD-D4D2-52E1-24E730284594}" = Catalyst Control Center Graphics Light "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista "{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CAE7CB3-B7C0-41A2-B2E3-9BD16124A091}" = EasyInfo "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E5CDC9B-CB0A-6E78-5BBE-C3D3F67B50E3}" = CCC Help Norwegian "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{96A8FABC-AADB-F299-0826-AF2246CE012F}" = CCC Help Danish "{9B0A8A6F-FC9E-796F-CC5D-290161F8E92A}" = ATI Catalyst Install Manager "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9D98630B-BD50-3C44-58D2-1571AEA889D3}" = CCC Help Portuguese "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab "{9E4EFA2A-4344-4C56-F927-7F7C53845BE2}" = CCC Help German "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A37CA3F0-B0C6-8256-02BA-B06CEE1E5BEB}" = CCC Help Korean "{A724AEC6-494E-6BD5-C12A-9F51AF6C1123}" = Skins "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0 "{AC814121-74BA-A025-358E-B706354ED7F5}" = Catalyst Control Center Graphics Full New "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3 "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18 "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CC2B3907-3DEA-6E0E-E5A5-C6FCF876ECD5}" = CCC Help French "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour "{D1F9CD55-A15A-846F-B2B1-D73F37C65B3E}" = CCC Help Spanish "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DEAC1EEB-48FD-36A6-B87B-58E365C92EFB}" = Catalyst Control Center Graphics Previews Vista "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "{E9E871B9-4E1D-38D7-7ECF-4DFD3708CC67}" = Catalyst Control Center Core Implementation "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin "{EF7F8782-0E8D-A566-195F-8FF2360CA6C8}" = CCC Help Thai "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F15DDD54-CA1A-6764-2CF4-1C601725E96C}" = Catalyst Control Center Graphics Full Existing "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{F9A4662C-775D-32CF-4B6B-DEC701FDD516}" = CCC Help Finnish "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "BearShare MediaBar" = MediaBar "BitZipper_is1" = BitZipper 2010 "CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP "EADM" = EA Download Manager "ENTERPRISER" = Microsoft Office Enterprise 2007 "FrostWire" = FrostWire 4.21.6 "Google Desktop" = Google Desktop "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "myphotobook" = myphotobook 3.5 "NirSoft BlueScreenView" = NirSoft BlueScreenView "NSS" = Norton Security Scan "Picasa2" = Picasa 2 "Rapport_msi" = Rapport "Searchqu 406 MediaBar" = Windows iLivid Toolbar "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 1.0.1 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >

MBAM didn't pick up anything. That's why it's partly frustrating. If I had a raging virus I could understand! Managed to boot in safe mode as advised and no bsod. I await your next instruction :)

Yeah I downloaded rapport for my Internet banking. I re-ran MBAM but before I could run the other I'm plagued by the blue screen again, and start up repair isn't working. Anything I can do? Getting a bit frustrated with a laptop that doesn't reliably start :( Thanks