urmaserendipity85 Posted October 5, 2011

Hi all, I'm new here and hoping you can help. My laptop has decided it doesn't want to play anymore. Every time I start it, I get a blue screen with a whole load of writing on. Then I'm told my computer was unable to start and it recommends that I choose startup repair. This happened a few days ago, and startup repair solved the problem. However I came on here, read the posts and did the scans recommended. Now startup repair isn't even working. It's constantly coming up with the blue screen, no matter how many times I go through startup repair. Obviously I can't post the logs of the scans now. Please tell me my computer isn't doomed :(

Thanks

maynardvdm Posted October 6, 2011

Hi,

Welcome to Extreme Tech Support - Free PC Help.

Could you tell us the error message of the blue screen, as they all have different meanings and in most cases it is hardware (RAM or HDD) related?

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.
RaidMax Smilodon Gaming Case | Gigabyte Z77X-UD5H M/B | Intel Core i5 3570K @ 3.4GHz | 8GB Corsair RAM | Nvidia GTX550 Ti 1GB GDDR5 | Corsair 800w PSU
SAS | MBAM | WinPatrol | Avira | ERUNT | Nvidia Drivers

etavares Posted October 6, 2011

In addition to posting about the error that maynardvdm requested (e.g. Stop 0x0000000A IRQL_NOT_LESS_OR_EQUAL) please also let us know which scans you did (e.g. MBAM, OTL, aswMBR, etc.) and if MBAM found anything you had to remove. Some error codes can be related to malware, specifically infected/patched files that were removed by antiviruses but are critical to boot your computer.

etavares is a member of: Alliance of Security Analysis Professionals, Unified Network of Instructors and Trained Eliminators

urmaserendipity85 Posted October 6, 2011

Thanks both for your messages. The error says that a driver has overrun a stack-based buffer. It advises me to remove any newly installed hardware (there is none). The technical info is:

*** STOP : 0x000000 F7 (0x8059989A,

and then the rest seems to change each time, though the next bit always starts 0x90C77DB8. Hope this helps, do let me know if you need any more info. I ran MBAM and OTL. Nothing was found.

urmaserendipity85 Posted October 6, 2011

Update: somehow my computer started. Can't connect to Internet and got an error message saying I need to install driver software for my WLAN USB 2.0? Here is the info that came up about the problem:

Problem signature:
Problem event name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
localeID: 2057

Additional info about the problem:
BCCode: f7
BCP1: 8059989A
BCP2: 90C7CDD6
BCP3: 6F383229
BCP4: 00000000
OS version: 6_0_6002
service pack: 2_0
product: 768_1

Hope that helps

etavares Posted October 6, 2011

That can be a bad driver, or a buffer overflow attack. Let's look at the error... can you download and use a USB flash drive to move a program over to the computer then back to your working computer? If so:

Please download BlueScreenView and save it to your desktop.
Extract the ZIP file to your computer, then run BlueScreenView.exe.
After it's done scanning, please select Edit --> Select All from the menu.
Select File --> Save Selected Items and save it to your desktop as BSVLog.txt or a similar name.
Please open the logfile with Notepad and copy/paste the contents here.

urmaserendipity85 Posted October 6, 2011

Unfortunately don't have access to another computer. I'm doing all my communication for here through my phone :( Would anything still work?

maynardvdm Posted October 7, 2011

Can you start the computer in Safe Mode? Normally by tapping F8 when the computer boots up.

urmaserendipity85 Posted October 7, 2011

I've always had difficulty getting this laptop to start in safe mode that way. However if it continues to start as normal by the time I have an instruction I believe I can set the computer to start in safe mode before I restart, is that right? Perhaps whichever kind person gives me an instruction for when the computer is in safe mode could also remind me how to do this :)

urmaserendipity85 Posted October 7, 2011

Update: startup repair worked this time, computer has started and internet is back up and running. All seems a bit strange! Anyway, I downloaded the bluescreenview thing, here is the log file:

==================================================
Dump File         : Mini100711-01.dmp
Crash Time        : 07/10/2011 17:44:44
Bug Check String  : DRIVER_OVERRAN_STACK_BUFFER
Bug Check Code    : 0x000000f7
Parameter 1       : 0x8059989a
Parameter 2       : 0x95474955
Parameter 3       : 0x6ab8b6aa
Parameter 4       : 0x00000000
Caused By Driver  : RapportEI.sys
Caused By Address : RapportEI.sys+a955
File Description  :
Product Name      :
Company           :
File Version      :
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+cdb3f
Stack Address 1   : RapportEI.sys+440d
Stack Address 2   : RapportEI.sys+332f
Stack Address 3   : RapportEI.sys+2e7d
Computer Name     :
Full Path         : C:\Windows\Minidump\Mini100711-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 6002
Dump File Size    : 133,528
==================================================

==================================================
Dump File         : Mini100311-01.dmp
Crash Time        : 03/10/2011 20:13:44
Bug Check String  : DRIVER_OVERRAN_STACK_BUFFER
Bug Check Code    : 0x000000f7
Parameter 1       : 0x8059989a
Parameter 2       : 0x90e74d14
Parameter 3       : 0x6f18b2eb
Parameter 4       : 0x00000000
Caused By Driver  : RapportEI.sys
Caused By Address : RapportEI.sys+bd14
File Description  :
Product Name      :
Company           :
File Version      :
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+cdb3f
Stack Address 1   : RapportEI.sys+440d
Stack Address 2   : RapportEI.sys+332f
Stack Address 3   : RapportEI.sys+2e7d
Computer Name     :
Full Path         : C:\Windows\Minidump\Mini100311-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 6002
Dump File Size    : 133,528
==================================================

==================================================
Dump File         : Mini100211-01.dmp
Crash Time        : 02/10/2011 20:26:02
Bug Check String  : DRIVER_OVERRAN_STACK_BUFFER
Bug Check Code    : 0x000000f7
Parameter 1       : 0x8059989a
Parameter 2       : 0x90e7bdc4
Parameter 3       : 0x6f18423b
Parameter 4       : 0x00000000
Caused By Driver  : RapportEI.sys
Caused By Address : RapportEI.sys+bdc4
File Description  :
Product Name      :
Company           :
File Version      :
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+cdb3f
Stack Address 1   : RapportEI.sys+440d
Stack Address 2   : RapportEI.sys+332f
Stack Address 3   : RapportEI.sys+2e7d
Computer Name     :
Full Path         : C:\Windows\Minidump\Mini100211-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 6002
Dump File Size    : 133,528
==================================================

==================================================
Dump File         : Mini092811-01.dmp
Crash Time        : 28/09/2011 21:01:48
Bug Check String  : DRIVER_OVERRAN_STACK_BUFFER
Bug Check Code    : 0x000000f7
Parameter 1       : 0x8059989a
Parameter 2       : 0x8bfeaa31
Parameter 3       : 0x740155ce
Parameter 4       : 0x00000000
Caused By Driver  : RapportEI.sys
Caused By Address : RapportEI.sys+ba31
File Description  :
Product Name      :
Company           :
File Version      :
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+cdb3f
Stack Address 1   : RapportEI.sys+440d
Stack Address 2   : RapportEI.sys+332f
Stack Address 3   : RapportEI.sys+2e7d
Computer Name     :
Full Path         : C:\Windows\Minidump\Mini092811-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 6002
Dump File Size    : 133,528
==================================================

maynardvdm Posted October 7, 2011

Hi,

One of the security experts will help you soon, this looks like their expertise will come into play. I will also recommend not sending sensitive information over the internet until a security expert has given you the all clear.

etavares Posted October 7, 2011

Hi,

It appears that Trusteer is what is causing that crash. It's a legitimate program that some banks use to provide a secure log-in. It could be completely normal and just a conflict between that software's driver and other drivers. To be safe, let's look for malware though. Please follow these instructions to prepare your system and generate logs I can look over to determine if this is just a conflict, or malware.

Thanks!
-etavares

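An added example, not part of the original thread or of BlueScreenView: a parser for the exported "Key : Value" layout of the log above that tallies the blamed driver, finds the stack frames common to every 0xF7 crash, and checks the parameters against Microsoft's documented meaning for bug check 0xF7 (parameter 1 is the cookie found on the stack, parameter 2 the expected cookie, parameter 3 its bit-complement). The function names and the third sample record are constructed for illustration, and 32-bit dumps are assumed, as in this thread.

```python
from collections import Counter

MASK32 = 0xFFFFFFFF  # assumption: 32-bit dumps, as in this thread

# First two records of the BlueScreenView export posted in this thread
# (fields trimmed), plus one CONSTRUCTED record with a different bug check
# to show that it is tallied but skipped by the 0xF7 cookie check.
SAMPLE_LOG = r"""
==================================================
Dump File : Mini100711-01.dmp
Bug Check String : DRIVER_OVERRAN_STACK_BUFFER
Bug Check Code : 0x000000f7
Parameter 1 : 0x8059989a
Parameter 2 : 0x95474955
Parameter 3 : 0x6ab8b6aa
Parameter 4 : 0x00000000
Caused By Driver : RapportEI.sys
File Description :
Stack Address 1 : RapportEI.sys+440d
Stack Address 2 : RapportEI.sys+332f
Stack Address 3 : RapportEI.sys+2e7d
Full Path : C:\Windows\Minidump\Mini100711-01.dmp
==================================================
==================================================
Dump File : Mini100311-01.dmp
Bug Check String : DRIVER_OVERRAN_STACK_BUFFER
Bug Check Code : 0x000000f7
Parameter 1 : 0x8059989a
Parameter 2 : 0x90e74d14
Parameter 3 : 0x6f18b2eb
Parameter 4 : 0x00000000
Caused By Driver : RapportEI.sys
Stack Address 1 : RapportEI.sys+440d
Stack Address 2 : RapportEI.sys+332f
Stack Address 3 : RapportEI.sys+2e7d
==================================================
==================================================
Dump File : Constructed-01.dmp
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x00000004
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x80000000
Caused By Driver : example.sys
Stack Address 1 : example.sys+1000
==================================================
"""


def parse_records(text):
    """Split the export into one dict per crash record."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("====="):          # record separator
            if current:
                records.append(current)
                current = {}
            continue
        # Keys never contain ':', values may (e.g. C:\...), so split once.
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def _hex(rec, key):
    """Parse a hex field such as '0x95474955'; None if absent or malformed."""
    try:
        return int(rec[key], 16)
    except (KeyError, ValueError):
        return None


def check_f7_cookie(rec):
    """Validate 0xF7 parameters; returns None for any other bug check."""
    if _hex(rec, "Bug Check Code") != 0xF7:
        return None
    actual, expected, complement = (_hex(rec, f"Parameter {i}") for i in (1, 2, 3))
    if None in (actual, expected, complement):
        return {"cookie_overwritten": False, "complement_ok": False}
    return {
        # The value found on the stack differs from the expected cookie.
        "cookie_overwritten": actual != expected,
        # Parameter 3 must be the bit-complement of parameter 2.
        "complement_ok": complement == (~expected & MASK32),
    }


def summarize(text):
    """Tally blamed drivers and cross-check all 0xF7 records."""
    records = parse_records(text)
    f7 = [(r, c) for r in records if (c := check_f7_cookie(r)) is not None]
    stacks = [{v for k, v in r.items() if k.startswith("Stack Address") and v}
              for r, _ in f7]
    return {
        "total": len(records),
        "drivers": dict(Counter(r.get("Caused By Driver") or "(unknown)"
                                for r in records)),
        "f7_count": len(f7),
        "f7_consistent": bool(f7) and all(
            c["cookie_overwritten"] and c["complement_ok"] for _, c in f7),
        # Frames present in every 0xF7 crash point at one recurring code path.
        "common_frames": sorted(set.intersection(*stacks)) if stacks else [],
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A consistent result confirms that the kernel's stack-cookie check genuinely failed in the named driver on a recurring code path; it does not by itself say whether a driver bug or hostile input caused the overwrite.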
urmaserendipity85 Posted October 15, 2011

Yeah I downloaded rapport for my Internet banking. I re-ran MBAM but before I could run the other I'm plagued by the blue screen again, and start up repair isn't working. Anything I can do? Getting a bit frustrated with a laptop that doesn't reliably start :(

Thanks

etavares Posted October 15, 2011

That is terribly frustrating. Are you able to boot into safe mode? Start tapping F8 when you see the Windows logo and you'll get a menu. Use the arrow keys to select Safe Mode with Networking. Are you able to boot without the BSOD that way? If so, please continue. Did MBAM detect anything when you ran it?

urmaserendipity85 Posted October 15, 2011

MBAM didn't pick up anything. That's why it's partly frustrating. If I had a raging virus I could understand! Managed to boot in safe mode as advised and no bsod. I await your next instruction :)

urmaserendipity85 Posted October 15, 2011 Author Posted October 15, 2011 OK computer switched itself off from safe mode. Tried booting normally and it worked, so have been able to do the scans. Here are the logs. Is it worth uninstalling rapport? Malwarebytes' Anti-Malware 1.51.2.1300 http://www.malwarebytes.org Database version: 7899 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 08/10/2011 15:32:11 mbam-log-2011-10-08 (15-32-10).txt Scan type: Full scan (C:\|D:\|E:\|) Objects scanned: 383621 Time elapsed: 4 hour(s), 12 minute(s), 35 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) OTL: OTL logfile created on: 15/10/2011 13:43:30 - Run 1 OTL by OldTimer - Version 3.2.30.0 Folder = C:\Users\Emma\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.87 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 30.06% Memory free 3.99 Gb Paging File | 2.28 Gb Available in Paging File | 57.10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74.22 Gb Total Space | 6.16 Gb Free Space | 8.30% Space Free | Partition Type: NTFS Drive D: | 73.36 Gb Total Space | 25.17 Gb Free Space | 34.31% Space Free | Partition Type: NTFS Computer Name: EMMAD | User 
Name: Emma | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Emma\Downloads\OTL (1).scr (OldTimer Tools) PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.) PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) PRC - C:\Users\Emma\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Users\Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC) PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) 
PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe () PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) PRC - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) PRC - C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA) PRC - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\ppgooglenaclpluginchrome.dll () MOD - C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll () MOD - C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\avutil-51.dll () MOD - C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\avformat-53.dll () MOD - C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\avcodec-53.dll () MOD - C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll () MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll () MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () MOD - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe () MOD - C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll () MOD - C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll () MOD - C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll () MOD - C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll () MOD - c:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll () ========== Win32 Services (SafeList) ========== SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) 
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TosCoSrv) -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (TOSHIBA SMART Log Service) -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.) DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.) DRV - (RapportKELL) -- C:\Windows\System32\Drivers\RapportKELL.sys (Trusteer Ltd.) DRV - (RapportCerberus_29574) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys () DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (RapportBuka) -- C:\Windows\System32\drivers\RapportBuka.sys (Trusteer Ltd.) DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation ) DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows ® Codename Longhorn DDK provider) DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Emma\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Emma\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) 
[2011/09/18 11:43:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emma\AppData\Roaming\Mozilla\Extensions [2009/07/21 19:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emma\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org [2011/09/18 11:43:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/08/26 17:20:19 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011/07/10 10:43:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/09/14 13:41:12 | 000,002,506 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime 
Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Emma\AppData\Roaming\Mozilla\plugins\np-mswmp.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Emma\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = 
default_plugin O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll () O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll () O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [blubster] C:\Program Files\Blubster\Blubster.exe SILENT File not found O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () O4 - Startup: C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 File not found O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B9C3F09-4BD6-480F-BF26-4E5DC5A315CE}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) -C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC) O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) -C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: D:\Pictures\2011\8. August\13th August (15).JPG O24 - Desktop BackupWallPaper: D:\Pictures\2011\8. August\13th August (15).JPG O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/08 15:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/08 15:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/08 15:22:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/08 15:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/08 15:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/10/08 15:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/08 11:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/08 11:09:31 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/07 18:14:26 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2011/10/07 18:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2011/10/03 13:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(208)
[2011/10/03 13:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(209)
[2011/10/03 13:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour(7)
[2011/10/03 13:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime(223)
[2011/10/03 13:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update(6)
[2011/09/26 19:26:02 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\WinBatch
[2011/09/25 19:00:08 | 000,056,336 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/09/18 12:44:41 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/15 14:04:17 | 000,001,669 | ---- | M] () -- C:\Users\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/10/15 13:48:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1311213406-2224016735-102446658-1000UA.job
[2011/10/15 13:46:14 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/15 13:40:07 | 000,002,133 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/15 13:39:52 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/15 13:39:52 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/15 13:25:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/15 13:25:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/15 13:25:32 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/15 13:25:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/15 13:13:27 | 190,560,658 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/11 18:25:08 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Emma.job
[2011/10/11 12:48:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1311213406-2224016735-102446658-1000Core.job
[2011/10/08 15:24:28 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/08 15:16:55 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/08 11:50:17 | 000,002,042 | ---- | M] () -- C:\Users\Emma\Desktop\Google Chrome.lnk
[2011/10/08 11:50:17 | 000,002,004 | ---- | M] () -- C:\Users\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/08 11:09:38 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/25 19:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/15 14:04:17 | 000,001,669 | ---- | C] () -- C:\Users\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/10/15 13:39:30 | 000,001,813 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/10/08 15:24:28 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/08 15:16:55 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/08 11:09:38 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/28 21:01:34 | 190,560,658 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/18 12:44:49 | 000,002,042 | ---- | C] () -- C:\Users\Emma\Desktop\Google Chrome.lnk
[2011/09/18 12:44:49 | 000,002,004 | ---- | C] () -- C:\Users\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/18 12:43:27 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1311213406-2224016735-102446658-1000UA.job
[2011/09/18 12:43:26 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1311213406-2224016735-102446658-1000Core.job
[2011/07/04 19:48:51 | 000,000,000 | ---- | C] () -- C:\Users\Emma\AppData\Local\{971E2D65-42E5-4715-98F3-613D78005FD8}
[2011/07/03 12:44:55 | 000,000,000 | ---- | C] () -- C:\Users\Emma\AppData\Local\{23BE781A-F9BF-4898-B4E3-ACA1D0C0F4B9}
[2010/07/19 20:47:48 | 000,000,680 | ---- | C] () -- C:\Users\Emma\AppData\Local\d3d9caps.dat
[2010/05/09 15:58:43 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2010/05/09 15:58:43 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2010/05/09 15:58:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2010/05/09 15:58:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2010/05/09 15:58:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2010/05/09 15:58:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2010/05/06 16:27:57 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010/05/06 16:27:57 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010/04/04 22:22:28 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010/04/04 22:22:28 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010/02/11 00:14:01 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/02/11 00:14:00 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/02/11 00:14:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/02/11 00:14:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/02/11 00:14:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/01/14 03:41:00 | 000,309,248 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2010/01/14 03:38:00 | 000,023,552 | ---- | C] () -- C:\Windows\System32\DirectCOM.dll
[2009/09/20 11:40:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/19 11:11:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/09/11 11:59:25 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/11 11:59:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/21 19:55:24 | 000,157,184 | ---- | C] () -- C:\Users\Emma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/21 17:39:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/07/20 18:54:24 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2009/07/20 18:52:23 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/07/20 18:52:23 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/07/20 18:52:23 | 000,009,484 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/07/20 18:52:23 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009/04/23 22:29:16 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/02/22 12:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/22 12:16:45 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/02/22 12:16:45 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/02/22 12:16:45 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/02/22 12:16:45 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/02/22 12:16:45 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/02/22 12:16:45 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/02/22 11:27:58 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/02/22 11:26:12 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/02/22 11:26:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/01/28 18:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/01/28 18:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/01/28 17:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/01/28 17:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/01/28 17:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/01/28 17:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,447,136 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,598,096 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,105,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/05/28 09:48:18 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Amazon
[2010/11/30 23:10:59 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\BitTorrent
[2011/03/11 11:28:36 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\BitZipper
[2011/10/15 13:27:29 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Dropbox
[2011/10/12 00:34:57 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\FrostWire
[2009/08/04 20:32:10 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\GARMIN
[2009/10/04 14:35:47 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\GetRightToGo
[2010/10/24 22:49:23 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\LimeWire
[2010/05/27 03:29:54 | 000,000,000 | -HSD | M] -- C:\Users\Emma\AppData\Roaming\lkfhff
[2009/11/25 21:38:42 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\OpenOffice.org
[2010/05/09 16:05:38 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\SPSSInc
[2009/07/21 17:57:04 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Toshiba
[2009/09/18 14:36:09 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Trusteer
[2011/09/26 19:26:02 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\WinBatch
[2011/03/29 22:36:52 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Windows Live Writer
[2011/10/12 00:37:23 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/17 20:41:18 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2BBCE6FC-CF1E-4531-9799-2F8987D23650}.job

========== Purity Check ==========

========== Custom Scans ==========

< :OTL >
< SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) Google Update Service (gupdatem) >
< SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate) >
< MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk - Reg Error: Value error. - File not found >
< O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll () >
< O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll () >
< O4 - HKLM..\Run: [startNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found >
< :files >
< C:\Program Files\StartNow Toolbar\ >
< :reg >
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] >
< "AntiVirusOverride" = 0 >

< End of report >

OTL Extras logfile created on: 15/10/2011 13:43:30 - Run 1
OTL by OldTimer - Version 3.2.30.0 Folder = C:\Users\Emma\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 30.06% Memory free
3.99 Gb Paging File | 2.28 Gb Available in Paging File | 57.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.22 Gb Total Space | 6.16 Gb Free Space | 8.30% Space Free | Partition Type: NTFS
Drive D: | 73.36 Gb Total Space | 25.17 Gb Free Space | 34.31% Space Free | Partition Type: NTFS

Computer Name: EMMAD | User Name: Emma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{312B7C3B-3EEF-4AA8-9A90-F542923B5640}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{62B2CC77-1C7B-4524-A8D2-C38F632D9AAD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B5C369F0-0018-4B5E-834E-49E5238F22E7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CFD2D193-D7C9-42FF-A9E9-D808432368B9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{D57C1188-F186-4B9F-BEDE-490F84A78833}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008EDA79-C101-46B9-B1C5-D78DE3F83DA4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{079B959D-B0F4-4D97-94F4-D9D0BE1A6E53}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{0D65508F-377D-4395-954E-B0914F53FA7D}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{0F989579-D4C9-4983-8478-A76CE046DFD9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{17106A8F-F048-479C-ADFC-2462594BBB3C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{224799D3-77B5-4B25-855D-BFBB3CF36803}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{288B9BD3-AC85-4ECA-BCC6-7AD76F48F3DF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{34550870-51C5-4798-AA08-B767D02986D8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3CF9548A-4AAD-447E-8F5A-FFD28ABBA6B9}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{4294FFBC-CEFB-440F-AE07-E1B26C0E4640}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{4F202009-BADC-44DE-8667-F0EFF6AE972C}" = protocol=17 | dir=in | app=e:\x86\ibiscont.exe |
"{567AD9C2-D06F-42D0-B209-1F76497344D7}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{5B931ED2-4C67-4935-B58D-7F45A3996B05}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{600C80D8-E9BC-4BC9-8EE3-51B98F51C87B}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{6C001B1D-24C3-4404-A5A1-0F9F74BAECEB}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |
"{7CA2AF7F-AED9-432A-B91B-2CA3C39B151C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7ECD591B-8A2B-4CEB-8728-0A86F3FB59D2}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{8B417116-F88D-4C1B-B382-8FFB0E984041}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{8BC199E1-0858-4882-8C5F-4D93E5F78768}" = protocol=6 | dir=in | app=e:\x86\ibiscont.exe |
"{8BDD235D-69FD-4308-8A25-8DD686132512}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{90CD9A23-C34C-4F1E-92A7-7C6268404358}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{90CF54A7-E115-4A11-8606-C8F4C247D9F5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9291C2AC-D561-4B81-890F-B023A7DAB8A7}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{A1EE3DF7-552B-465E-A861-C19D7028C739}" = protocol=17 | dir=in | app=c:\users\emma\appdata\roaming\dropbox\bin\dropbox.exe |
"{A5417FB6-1B59-449A-8ACF-DDA704FF052A}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{A6E15514-0395-46BF-A0B0-8CBF745E2967}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{AF03C0D3-08CF-41D1-9ECE-6444436F6F3A}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{B7680F72-54D0-4060-BBEE-15FC76D31A3F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BF769642-04E7-4F35-A8D3-901BCBACEDA8}" = protocol=6 | dir=in | app=c:\program files\blubster\blubster.exe |
"{D93EA8F8-E2A0-4C76-8248-0BFFB178FAF2}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{DE5B7B4F-F7ED-45C7-BF6E-65130C7F6B0F}" = protocol=6 | dir=in | app=c:\users\emma\appdata\roaming\dropbox\bin\dropbox.exe |
"{E31120E0-FF05-4AEF-83A6-390BC9A5D938}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E459D302-BF72-47F8-A9B4-B102548AA074}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{E7F8D8D7-B4B8-4E8C-83AB-980F143A677F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{EBB5552F-ADAC-4A41-838C-9804FA03F463}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{EC1AB87E-7670-4FC5-B060-35FFAF4A19F1}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |
"{F00D0905-F5D7-4FBB-9D31-B7C4BB78C369}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F279F593-8DD5-4B89-82E7-398090008A68}" = protocol=17 | dir=in | app=c:\program files\blubster\blubster.exe |
"TCP Query User{08731F5E-ED2D-4A88-83D8-22301C1E5C38}C:\users\emma\appdata\local\microsoft\windows\temporary internet files\content.ie5\d955j738\calc[1].exe" = protocol=6 | dir=in | app=c:\users\emma\appdata\local\microsoft\windows\temporary internet files\content.ie5\d955j738\calc[1].exe |
"TCP Query User{10526125-5B04-47AC-8C46-5D0C9E19B344}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{129B22CF-D82D-44A9-8A9C-A182619CA862}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{383DD9C7-8F61-4A1C-AD83-629FD0E855B2}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{5BB6B90C-87C7-4B5D-BA76-1E10143104AD}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{5CCBD9E0-63D6-4D8C-8E76-859BE0763DB5}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{84269020-C4C3-47B4-B0FA-2D7DC3E31698}C:\program files\blubster\blubster.exe" = protocol=6 | dir=in | app=c:\program files\blubster\blubster.exe |
"TCP Query User{8B8175F8-3CAB-4250-9AEA-14087425F591}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{9C098753-8275-4EAD-90BF-963EA38860F1}C:\users\emma\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\emma\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{BE53257E-6059-40EB-B92F-4462A3B9ADAD}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{D64DAE81-FA17-4BC0-AD84-4AFD4A57110D}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{DB3AC263-EDD2-4FA6-8282-F1437390FB0E}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{448D2F00-0523-420F-8159-79F0EBD95332}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{6032915F-499A-47E8-A5D6-CA7A4FAB1540}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{78043723-FCB1-4AF4-8EF1-8A72DD71A004}C:\users\emma\appdata\local\microsoft\windows\temporary internet files\content.ie5\d955j738\calc[1].exe" = protocol=17 | dir=in | app=c:\users\emma\appdata\local\microsoft\windows\temporary internet files\content.ie5\d955j738\calc[1].exe |
"UDP Query User{7CAA3B2F-38E9-4FE7-8975-321B4EFF9146}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{7EE9B796-C1A5-4A17-B2F6-1328C8B5E176}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{B370747E-0C31-4E34-8D94-2401136B871B}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{C353B1D6-919F-4F8C-94FC-119A61B30CD3}C:\users\emma\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\emma\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{C802F48E-1A05-4E54-AFE8-F32FAA0B0203}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{C8AC80A6-FD3A-413F-B9CE-F7C5AA62E084}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{E76A913A-66A5-4F66-BE07-4C89E681EC05}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{E82B07AD-D8BE-4018-A0EF-30DCE08A2EE3}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{F2685BB2-24E6-46A2-BC91-BBAF988CAF03}C:\program files\blubster\blubster.exe" = protocol=17 | dir=in | app=c:\program files\blubster\blubster.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{0AFC55D4-9CDF-B140-2E4F-0B818B9B8C0E}" = CCC Help Italian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DE39AB6-D1BF-535C-F342-2F9986801936}" = CCC Help Japanese
"{0F4F4815-76AD-4B26-8763-72F3344041C2}" = TOSHIBA Manuals
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{226EA3C9-0EAF-9546-46C4-F2FF55F7A6F1}" = CCC Help Dutch
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22980C46-EBB6-C22C-016A-E0CFAC15118B}" = CCC Help Czech
"{250755EE-312C-3B38-1BAF-501A71A3851D}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 26
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{30D71FC9-E909-330C-57F9-C649C8837AA5}" = CCC Help Greek
"{3154CFC9-2E4F-B839-2944-2A27200B4D64}" = CCC Help Swedish
"{32FEA42D-3A59-49D9-8A2F-A3E2D8E663DF}" = SPSS SmartViewer 15.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{361D8754-326D-B7CC-8DC7-95966DD01ED4}" = Catalyst Control Center Graphics Previews Common
"{36E89A40-DD04-239B-A69E-532A27547089}" = CCC Help English
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{37EC24B2-2E75-0AEB-F8A1-12A0C7EB5EED}" = Catalyst Control Center InstallProxy
"{37FD8D84-7B88-6B5A-376A-34E2B7C28816}" = ccc-core-static
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E73E80C-2C31-3CCB-735F-D611C3230893}" = ccc-utility
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4807FDA4-7AF3-66CA-C167-779A333D6FFC}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5A154586-7AEB-4305-3B12-D73F0886B839}" = Catalyst Control Center HydraVision Full
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5DF79887-598B-DE65-9755-4B7D8C3D87BE}" = CCC Help Chinese Standard
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61A0F92B-89A0-F7AD-4CA2-97991862EB10}" = CCC Help Hungarian
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687E8557-CBF3-A7FF-33EC-00BE6266BFAA}" = CCC Help Russian
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A44A28A-5D79-8100-7BDF-FB637E62715B}" = CCC Help Polish
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72FA4B28-3A99-1533-0E7C-94E6D20CD1A8}" = CCC Help Chinese Traditional
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7CA26B08-BEFD-D4D2-52E1-24E730284594}" = Catalyst Control Center Graphics Light
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CAE7CB3-B7C0-41A2-B2E3-9BD16124A091}" = EasyInfo
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E5CDC9B-CB0A-6E78-5BBE-C3D3F67B50E3}" = CCC Help Norwegian
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{96A8FABC-AADB-F299-0826-AF2246CE012F}" = CCC Help Danish "{9B0A8A6F-FC9E-796F-CC5D-290161F8E92A}" = ATI Catalyst Install Manager "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9D98630B-BD50-3C44-58D2-1571AEA889D3}" = CCC Help Portuguese "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System 
Requirements Lab "{9E4EFA2A-4344-4C56-F927-7F7C53845BE2}" = CCC Help German "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A37CA3F0-B0C6-8256-02BA-B06CEE1E5BEB}" = CCC Help Korean "{A724AEC6-494E-6BD5-C12A-9F51AF6C1123}" = Skins "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0 "{AC814121-74BA-A025-358E-B706354ED7F5}" = Catalyst Control Center Graphics Full New "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3 "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18 "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CC2B3907-3DEA-6E0E-E5A5-C6FCF876ECD5}" = CCC Help French "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live 
UX Platform "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour "{D1F9CD55-A15A-846F-B2B1-D73F37C65B3E}" = CCC Help Spanish "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DEAC1EEB-48FD-36A6-B87B-58E365C92EFB}" = Catalyst Control Center Graphics Previews Vista "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "{E9E871B9-4E1D-38D7-7ECF-4DFD3708CC67}" = Catalyst Control Center Core Implementation "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin "{EF7F8782-0E8D-A566-195F-8FF2360CA6C8}" = CCC Help Thai "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F15DDD54-CA1A-6764-2CF4-1C601725E96C}" = Catalyst Control Center Graphics Full Existing "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{F9A4662C-775D-32CF-4B6B-DEC701FDD516}" = CCC Help Finnish "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) "Activation 
Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "BearShare MediaBar" = MediaBar "BitZipper_is1" = BitZipper 2010 "CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP "EADM" = EA Download Manager "ENTERPRISER" = Microsoft Office Enterprise 2007 "FrostWire" = FrostWire 4.21.6 "Google Desktop" = Google Desktop "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "myphotobook" = myphotobook 3.5 "NirSoft BlueScreenView" = NirSoft BlueScreenView "NSS" = Norton Security Scan "Picasa2" = Picasa 2 "Rapport_msi" = Rapport "Searchqu 406 MediaBar" = Windows iLivid Toolbar "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 1.0.1 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! 
< End of report > Quote
etavares Posted October 15, 2011

Hello, urmaserendipity85.

Step 1
Please download aswMBR ( 511KB ) to your desktop.
Double click the aswMBR.exe icon to run it.
It gives you the option to add the latest Avast definitions and recommends you do so. Ignore it and click No as it may crash your system or hang up and we don't need that info.
Click the Scan button to start the scan.
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
Note: aswMBR will save MBR.dat to your desktop. Do NOT delete it until I tell you your computer is clean. It is a backup of your MBR that we may need later.

Step 2
Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
Please download erunt-setup.exe to your desktop.
Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
The automatic part won't work with Vista or W7. Please back up manually using ERUNT with the following instructions:
Please locate the ERUNT icon on the desktop. If it is not there, click Start and type ERUNT into the search box.
Right click the ERUNT icon in the desktop or the Start menu, and select Run as Administrator.
Click OK at the first message box.
Ensure the checkboxes for both "system registry" and "current user registry" are checked. Leave the default save location in there. Click OK.
Click Yes to create the new folder.
You'll get a window saying "registry backup complete" once it's done. Click OK.
If you get an error message, please STOP here and let me know. Do not proceed with any additional instructions until you check back with me.

Step 3
Please uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.
Searchqu Toolbar
Be sure to reboot when done.

Step 4
Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.
We need to run an OTL Script.
Please download OTL from one of the following mirrors if you do not still have it.
This is first Mirror
This is the second mirror
Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png icon on your desktop.
Paste the following code under the Custom Scans/Fixes box at the bottom.

:OTL
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [blubster] C:\Program Files\Blubster\Blubster.exe SILENT File not found
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/...k-21&site=home File not found
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/sof...iveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
:COmmands
[EmptyTemp]

Click the Run Fix button at the top.
Let the program run unhindered and reboot when it is done.
You will get a log when it is done, please post that in your reply.
Please then create a new OTL report....
Click the "Scan All Users" checkbox.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/runscanbutton.png button.
A report will open, copy and paste it in a reply here.

etavares
etavares Posted October 18, 2011

Have you had a chance to try that yet?
urmaserendipity85 Posted October 19, 2011

Thanks, nearly done. Quick question: OTL has stopped responding, and the only thing left in the dialogue box is [EmptyTemp]. Is it doing anything or has it frozen? And if it's frozen what do I do? At the moment there is nothing else on the desktop; no start menu or icons. So I'm loath to close down the program either with task manager or by turning off the laptop without checking just in case I lose something. Hoping someone reads this soon as it's gonna be hard to sleep with this machine buzzing away (plus my cooling pad has broken and it might overheat). Thanks in advance!
etavares Posted October 19, 2011

If it hangs there, something is likely blocking it. You should be able to Ctrl-Alt-Delete and kill OTL. After that, press Ctrl-Shift-Esc to bring up task manager and then File --> New Task (run) and type C:\windows\explorer.exe and press Enter and the taskbar should reappear.
urmaserendipity85 Posted October 19, 2011 Author Posted October 19, 2011 Ok, here we go (turned out OTL was just taking its sweet time). 1. aswMBR: aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software Run date: 2011-10-19 20:25:10 ----------------------------- 20:25:10.073 OS Version: Windows 6.0.6002 Service Pack 2 20:25:10.073 Number of processors: 2 586 0x6802 20:25:10.075 ComputerName: EMMAD UserName: Emma 20:25:26.182 Initialize success 20:25:40.416 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 20:25:40.420 Disk 0 Vendor: TOSHIBA_MK1652GSX LV010M Size: 152627MB BusType: 3 20:25:42.468 Disk 0 MBR read successfully 20:25:42.471 Disk 0 MBR scan 20:25:42.474 Disk 0 Windows VISTA default MBR code 20:25:42.484 Disk 0 scanning sectors +312578048 20:25:42.638 Disk 0 scanning C:\Windows\system32\drivers 20:26:23.855 Service scanning 20:26:32.786 Modules scanning 20:27:19.582 Disk 0 trace - called modules: 20:27:19.631 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys 20:27:19.636 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8945cac8] 20:27:19.642 3 CLASSPNP.SYS[8bf198b3] -> nt!IofCallDriver -> [0x894698f8] 20:27:19.647 5 acpi.sys[86e0c6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8944fb98] 20:27:19.999 Scan finished successfully 20:28:06.870 Disk 0 MBR has been saved successfully to "C:\Users\Emma\Desktop\MBR.dat" 20:28:06.904 The log file has been saved successfully to "C:\Users\Emma\Desktop\aswMBR.txt" 2. ERUNT: I ran it, everything was fine, but after rebooting following OTL, I have the following error message: Unable to create file: C:\Windows\ERDNT\AutoBackup\19-10-2011\ERDNT.INF Registry backup will continue, but no restore information for the ERDNT program will be saved. This means that later restoration of the registry can only be done manually, by using another OS to copy back the files. Not sure why this only came up after rebooting, hope it doesn't mean anything sinister. 
Everything seems to be working fine anyway. 3. Searchqu toolbar wasn't there. 4. OTL: All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. File C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Blubster deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NapsterShell deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{76577871-04EC-495E-A12B-91F7C3600AFA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76577871-04EC-495E-A12B-91F7C3600AFA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ not found. 
Starting removal of ActiveX control {A8F2B9BD-A6A0-486A-9744-18920D898429} C:\Windows\Downloaded Program Files\SETUP.INF moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\Windows\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Starting removal of ActiveX control 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found. 
========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware\\"DisableMonitoring" | 1 /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Emma ->Temp folder emptied: 37635324 bytes ->Temporary Internet Files folder emptied: 1735429975 bytes ->Java cache emptied: 55768868 bytes ->Google Chrome cache emptied: 12184172 bytes ->Flash cache emptied: 252330 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 351483684 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 2419034344 bytes Total Files Cleaned = 4,398.00 mb OTL by OldTimer - Version 3.2.31.0 log created on 10192011_203539 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Hope this helps, thanks so much (and hope I haven't screwed it up!) Quote
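One way to triage a fix log like the one posted above, as an added example that is not part of the original thread and is not OTL's own code: it classifies each result line, totals the bytes the temp cleanup reports, and lists the targets that only ever came back "not found" or as an error. The sample log is constructed from lines in the shape of the logs in this thread, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: entries in the shape of the OTL fix logs posted in this
# thread, one per line as OTL writes them to disk.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Blubster deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware\\"DisableMonitoring" | 1 /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: Emma
->Temp folder emptied: 37635324 bytes
->Flash cache emptied: 252330 bytes
RecycleBin emptied: 2419034344 bytes
Error: Unable to interpret <:File> in the current context!
"""

# Result suffixes seen in the thread's logs, mapped to an outcome label.
OUTCOMES = [
    (" deleted successfully.", "deleted"),
    (" moved successfully.", "moved"),
    (" not found.", "not_found"),
    (" : value set successfully!", "value_set"),
]
PREFIXES = ("Registry key ", "Registry value ", "File ")
HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")
BYTES = re.compile(r"(?:emptied|removed): (\d+) bytes$")
ERROR = re.compile(r"^Error: Unable to interpret <(.*)> in the current context!$")
ACTED = {"deleted", "moved", "value_set"}


def parse_fix_log(text):
    """Return ([(section, target, outcome), ...], total_bytes_freed)."""
    section, entries, freed = None, [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            section = m.group(1)
            continue
        m = ERROR.match(line)
        if m:
            entries.append((section, m.group(1), "error"))
            continue
        m = BYTES.search(line)
        if m:
            freed += int(m.group(1))
            continue
        for suffix, outcome in OUTCOMES:
            if line.endswith(suffix):
                target = line[: -len(suffix)]
                for prefix in PREFIXES:
                    if target.startswith(prefix):
                        target = target[len(prefix):]
                        break
                entries.append((section, target, outcome))
                break
    return entries, freed


def outcome_counts(entries):
    """Tally how many log lines ended in each outcome."""
    return Counter(outcome for _, _, outcome in entries)


def unresolved(entries):
    """Targets with no successful action anywhere in the log.

    A 'not found' that follows an earlier delete or move of the same target
    is expected (the script listed it twice), so outcomes are reconciled per
    target, compared case-insensitively and without a trailing backslash.
    """
    seen = {}
    for _, target, outcome in entries:
        seen.setdefault(target.rstrip("\\").lower(), set()).add(outcome)
    return sorted(t for t, outs in seen.items() if not (outs & ACTED))


if __name__ == "__main__":
    parsed, freed_bytes = parse_fix_log(SAMPLE_LOG)
    print(dict(outcome_counts(parsed)))
    print("bytes freed:", freed_bytes)
    for target in unresolved(parsed):
        print("no successful action:", target)
```

A target that is only "not found" is often already gone, while an "Unable to interpret" line means that part of the script was never run.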
etavares Posted October 20, 2011

Hello, urmaserendipity85.

Sorry, I meant to warn you about that error with ERUNT. Just ignore it for now... Vista's security is preventing it from automatically backing up your registry on every boot. It's ok since we have a manual backup. It will go away when you uninstall ERUNT when we are done.

Step 1
Next, we need to update Java. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
Download the latest version of Java Runtime Environment (JRE) Version 27 32-bit version. Note that if you have 64-bit windows, the default is to use a 32-bit browser. If you modified your IE to use the 64-bit version, make sure to also download the 64-bit version. Save it to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version(s) shown below:
Java 6 Update 26
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u27-windows-i586-s.exe to install the newest version. If you downloaded the 64-bit version, make sure to install that as well.

Step 2
We need to run an OTL Script.
Please download OTL from one of the following mirrors if you do not still have it.
This is first Mirror
This is the second mirror
Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png icon on your desktop.
Paste the following code under the Custom Scans/Fixes box at the bottom.

:File
C:\Program Files\Windows iLivid Toolbar\

Click the Run Fix button at the top.
Let the program run unhindered and reboot when it is done.
You will get a log when it is done, please post that in your reply.
Please then create a new OTL report....
Click the "Scan All Users" checkbox.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/runscanbutton.png button.
A report will open, copy and paste it in a reply here.
Please don't miss the extra OTL log, not just the fix log, in the instructions above.

Step 3
I'd like us to scan your machine with ESET OnlineScan.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

etavares
urmaserendipity85 Posted October 23, 2011 Author Posted October 23, 2011 Updated Java, and ESET found no threats. OTL fix log: Error: Unable to interpret <:File> in the current context!Error: Unable to interpret <C:\Program Files\Windows iLivid Toolbar\> in the current context! OTL by OldTimer - Version 3.2.31.0 log created on 10212011_115710 OTL scan log: OTL logfile created on: 21/10/2011 11:58:04 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Emma\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.87 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 46.24% Memory free 3.98 Gb Paging File | 2.49 Gb Available in Paging File | 62.49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74.22 Gb Total Space | 9.80 Gb Free Space | 13.21% Space Free | Partition Type: NTFS Drive D: | 73.36 Gb Total Space | 25.35 Gb Free Space | 34.55% Space Free | Partition Type: NTFS Computer Name: EMMAD | User Name: Emma | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Emma\Downloads\OTL (1).exe (OldTimer Tools) PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.) PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) PRC - C:\Users\Emma\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Users\Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
[2011/10/08 15:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011/10/08 15:22:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011/10/08 15:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011/10/08 15:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2011/10/08 15:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011/10/08 11:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/10/08 11:09:31 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011/10/07 18:14:26 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView [2011/10/07 18:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft [2011/10/03 13:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(208) [2011/10/03 13:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(209) [2011/10/03 13:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour(7) [2011/10/03 13:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime(223) [2011/10/03 13:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update(6) [2011/09/26 19:26:02 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\WinBatch [2011/09/25 19:00:08 | 000,056,336 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys ========== Files - Modified Within 30 Days ========== [2011/10/21 11:54:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/10/21 11:48:04 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1311213406-2224016735-102446658-1000UA.job [2011/10/21 11:39:38 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011/10/21 11:39:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\javaw.exe [2011/10/21 11:39:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011/10/21 11:39:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011/10/21 11:10:47 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/10/21 11:10:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/10/21 11:10:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/10/21 11:09:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/10/21 03:27:52 | 000,067,373 | ---- | M] () -- C:\Users\Emma\Desktop\196835_10150108699848173_686583172_6587110_7339925_n.jpg [2011/10/21 03:04:50 | 000,002,133 | ---- | M] () -- C:\Windows\epplauncher.mif [2011/10/21 03:04:35 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/10/21 03:04:35 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/10/20 17:55:38 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Emma.job [2011/10/20 12:48:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1311213406-2224016735-102446658-1000Core.job [2011/10/19 20:29:13 | 000,000,918 | ---- | M] () -- C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011/10/19 20:29:11 | 000,000,738 | ---- | M] () -- C:\Users\Emma\Desktop\NTREGOPT.lnk [2011/10/19 20:29:11 | 000,000,719 | ---- | M] () -- C:\Users\Emma\Desktop\ERUNT.lnk [2011/10/19 20:28:06 | 000,000,512 | ---- | M] () -- C:\Users\Emma\Desktop\MBR.dat [2011/10/19 20:15:12 | 186,751,378 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011/10/19 19:56:54 | 000,001,356 | ---- | M] () -- C:\Users\Emma\AppData\Local\d3d9caps.dat [2011/10/17 18:15:49 | 000,447,136 | ---- | M] () -- 
C:\Windows\System32\FNTCACHE.DAT [2011/10/15 14:04:17 | 000,001,669 | ---- | M] () -- C:\Users\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk [2011/10/08 15:24:28 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011/10/08 15:16:55 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011/10/08 11:50:17 | 000,002,042 | ---- | M] () -- C:\Users\Emma\Desktop\Google Chrome.lnk [2011/10/08 11:50:17 | 000,002,004 | ---- | M] () -- C:\Users\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011/10/08 11:09:38 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/09/25 19:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys ========== Files Created - No Company Name ========== [2011/10/21 03:28:02 | 000,067,373 | ---- | C] () -- C:\Users\Emma\Desktop\196835_10150108699848173_686583172_6587110_7339925_n.jpg [2011/10/21 03:04:22 | 000,001,813 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2011/10/19 20:29:13 | 000,000,918 | ---- | C] () -- C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011/10/19 20:29:11 | 000,000,738 | ---- | C] () -- C:\Users\Emma\Desktop\NTREGOPT.lnk [2011/10/19 20:29:11 | 000,000,719 | ---- | C] () -- C:\Users\Emma\Desktop\ERUNT.lnk [2011/10/19 20:28:06 | 000,000,512 | ---- | C] () -- C:\Users\Emma\Desktop\MBR.dat [2011/10/15 14:04:17 | 000,001,669 | ---- | C] () -- C:\Users\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk [2011/10/08 15:24:28 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011/10/08 15:16:55 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011/10/08 11:09:38 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/09/28 21:01:34 | 
186,751,378 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011/07/04 19:48:51 | 000,000,000 | ---- | C] () -- C:\Users\Emma\AppData\Local\{971E2D65-42E5-4715-98F3-613D78005FD8} [2011/07/03 12:44:55 | 000,000,000 | ---- | C] () -- C:\Users\Emma\AppData\Local\{23BE781A-F9BF-4898-B4E3-ACA1D0C0F4B9} [2010/07/19 20:47:48 | 000,001,356 | ---- | C] () -- C:\Users\Emma\AppData\Local\d3d9caps.dat [2010/05/09 15:58:43 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll [2010/05/09 15:58:43 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll [2010/05/09 15:58:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll [2010/05/09 15:58:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll [2010/05/09 15:58:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll [2010/05/09 15:58:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll [2010/05/06 16:27:57 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2010/05/06 16:27:57 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2010/04/04 22:22:28 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2010/04/04 22:22:28 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2010/02/11 00:14:01 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010/02/11 00:14:00 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe [2010/02/11 00:14:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010/02/11 00:14:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010/02/11 00:14:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010/01/14 03:41:00 | 000,309,248 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2010/01/14 03:38:00 | 000,023,552 | ---- | C] () -- C:\Windows\System32\DirectCOM.dll [2009/09/20 11:40:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/09/19 11:11:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009/09/11 11:59:25 | 000,107,612 | ---- | C] () -- 
C:\Windows\System32\StructuredQuerySchema.bin [2009/09/11 11:59:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009/07/21 19:55:24 | 000,157,184 | ---- | C] () -- C:\Users\Emma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/07/21 17:39:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009/07/20 18:54:24 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll [2009/07/20 18:52:23 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2009/07/20 18:52:23 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2009/07/20 18:52:23 | 000,009,484 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2009/07/20 18:52:23 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2009/04/23 22:29:16 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008/02/22 12:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008/02/22 12:16:45 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008/02/22 12:16:45 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008/02/22 12:16:45 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008/02/22 12:16:45 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008/02/22 12:16:45 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008/02/22 12:16:45 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2008/02/22 11:27:58 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008/02/22 11:26:12 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008/02/22 11:26:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008/01/28 18:01:42 | 000,057,344 | ---- | C] () -- 
C:\Windows\System32\SmartFaceVCapt.dll [2008/01/28 18:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll [2008/01/28 17:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll [2008/01/28 17:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll [2008/01/28 17:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll [2008/01/28 17:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll [2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 13:47:37 | 000,447,136 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 11:33:01 | 000,598,096 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 11:33:01 | 000,105,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat < End of report > Thanks! Quote
etavares Posted October 24, 2011

Please delete this folder: C:\Program Files\Windows iLivid Toolbar\

How is your computer running now? There was some malware, but nothing major. It really just seems to be a blue screen from Trusteer.
urmaserendipity85 Posted October 24, 2011

I can't seem to find that folder, in fact I can't seem to find program files on the C drive! Computer is running fine now, do I need to do anything about Trusteer?

Thanks so much for all your help,

Emma