mtav Posted November 15, 2009

I use Windows Mail in Windows Vista and had a large number of messages in its Sent Items folder. But today I lost them all, the folder is now empty, and outgoing messages (which DO reach the recipient) are no longer saved in Sent Items. My broadband provider is BT, so messages from Windows Mail go via bt.yahoo.com where outgoing messages were stored in the Sent folder. But that, too, is now empty although I have checked that the option "When sending a message, save a copy in the Sent folder" is still selected.

Can anyone tell me (a) how I can get outgoing messages to be saved once again in the Sent Items and Sent folders, and (b) if possible, how I can recover my lost messages?
RandyL Posted November 16, 2009

Hi mtav. I can't help you with your Yahoo mail but the "Save a copy of the sent messages in the 'Sent Items' folder" in Windows Mail can be found in Tools>Options>Send.

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. Get help with computer problems. Join Free PC Help here. Donations are welcome. Read Here
mtav Posted November 17, 2009

The option in Windows Mail to save sent items in the Sent Items folder is already selected, but it still doesn't happen. What is more, I am now starting to lose incoming messages. One that came in this morning and I had read has now disappeared, and all messages received from one of my friends over the last two months have also gone. Sounds like a virus. I use Bullguard Antivirus and it is fully enabled and up-to-date.

(a) How can I get Mail working again? and (b) Is there any way to recover what seems to have been lost?
RandyL Posted November 17, 2009

Considering a few things you mentioned I think now is a good time to post in the malware removal section and then check with your ISP for possible issues. What is your ISP?
mtav Posted November 17, 2009

ISP is BT Broadband. Will post in Malware Infection Removal as you suggest. Thanks.
mtav Posted November 17, 2009

I think I was wrong about my outgoing messages going via bt.yahoo.com and also wrong to say they used to be stored in the Sent folder there.
RandyL Posted November 17, 2009

OK. Now I'm confused as to exactly what the issue is.
mtav Posted November 20, 2009

I hope you have seen my response to this, RandyL, in Malware Infection Removal / Disappearing messages (18 Nov, 11:21)
RandyL Posted November 20, 2009

So far your malware thread looks ok. I'm a bit at a loss here. You could try removing the account then adding it back. I know that in OE that sometimes solved glitches. Or you could try a different account and see what happens. Or uncheck to save. Close Windows Mail. Reboot. Recheck to save. As a side note some third party applications can delete them when running cleanup.
mtav Posted February 7, 2011

> So far your malware thread looks ok. I'm a bit at a loss here. You could try removing the account then adding it back. I know that in OE that sometimes solved glitches. Or you could try a different account and see what happens. Or uncheck to save. Close Windows Mail. Reboot. Recheck to save. As a side note some third party applications can delete them when running cleanup.

I have suffered this problem for more than a year now. No messages I send are copied to the Sent Items folder (the folder is still completely empty). If I reply to a message in Inbox it immediately disappears from Inbox. And if I flag a message in Inbox it disappears. I tried removing accounts as RandyL suggests, rebooting the computer and setting them up again. No improvement. Is there any way to remove Windows Mail completely and reinstate it?

Incidentally, RandyL says that removing an account and adding it back can solve glitches in OE -- Windows Mail is directly in Vista rather than in an OS, isn't it?
RandyL Posted February 7, 2011

Welcome back mtav.

> No messages I send are copied to the Sent Items folder

Try this. Open Windows Mail. Click Tools>Options>Send. Untick "Save a copy of sent messages in the 'Sent Items' folder". Click Apply>OK. Close and open Windows Mail. Now do the same thing but this time tick the box.

Yes, Windows Mail is bundled with Vista and not a separate add-on program. Deleting an account can sometimes solve issues with that particular account but I think your issue is with the mail client itself and not your account.

I noticed this thread was never finished. http://extremetechsupport.com/forum/malware-infection-removal/8540-disappearing-messages.html
mtav Posted February 7, 2011

> Welcome back mtav. Try this. Open Windows Mail. Click Tools>Options>Send. Untick "Save a copy of sent messages in the 'Sent Items' folder". Click Apply>OK. Close and open Windows Mail. Now do the same thing but this time tick the box. Yes, Windows Mail is bundled with Vista and not a separate add-on program. Deleting an account can sometimes solve issues with that particular account but I think your issue is with the mail client itself and not your account. I noticed this thread was never finished. http://extremetechsupport.com/forum/malware-infection-removal/8540-disappearing-messages.html

Ticked and unticked the box but no improvement, I'm afraid. You are right that I didn't follow up chiaz's offer in 'disappearing messages'. Perhaps I should do so, but it all seemed rather daunting.

As an alternative I have been considering using Eudora or Thunderbird on the computer with the problem while continuing to use Windows Mail on the laptop. What do you think? Would it work? Which is the better of the two?
Starbuck Posted February 8, 2011

Hi mtav,

Sorry for butting in here. I see from the old thread in the malware removal forum that no scans were actually run. Let's just run one program now, which will give us a lot of info and then we can take it from there. If we rule out malware it'll give everyone a clearer run at things. I'll make this as easy as I can for you:

Download OTL to your desktop. Right click on the link and select 'Save Link/Target As'. If you have problems, try this download link: OTL

Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

When the window appears, underneath Output at the top change it to Minimal Output.

Check the boxes beside LOP Check and Purity Check.

http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

Now copy the lines in bold below.

netsvcs
msconfig
activex
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png

Click the Run Scan button.

http://img.photobucket.com/albums/v708/starbuck50/runscan.png

Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Note: if you have problems adding the 'Custom scan' list, you can add it another way. At the bottom of this post you will see an attachment. Click on this and when asked, save it to your desktop (it'll be easier to find there).

Now to add the 'Custom scan' list..... double click in the Custom Scans/Fixes window (under the blue bar) and allow it to add the file. It will only add a document named scan.txt ..... so don't change the name of the downloaded file. You will see the text added to the scan box. Once added, click:

http://img.photobucket.com/albums/v708/starbuck50/runscan.png

scan.txt

Member of: UNITE
mtav Posted February 8, 2011

Many thanks, Starbuck. Total is 91802 characters so must send the two files separately. First: OTL Text
DATA\MOZILLA\FIREFOX\PROFILES\KJVRCA6J.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B} [2011/02/06 18:32:15 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\USERS\MIKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KJVRCA6J.DEFAULT\EXTENSIONS\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} [2010/11/07 14:07:17 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\USERS\MIKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KJVRCA6J.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696} [2011/01/11 10:49:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\USERS\MIKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KJVRCA6J.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D} [2010/01/19 18:35:27 | 000,000,000 | ---D | M] ("SecretHelper") -- C:\USERS\MIKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KJVRCA6J.DEFAULT\EXTENSIONS\{EEBC5C3F-EC4B-4AD4-B5D1-FA51B3C42C57} [2011/02/06 18:32:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\USERS\MIKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KJVRCA6J.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM [2009/08/28 00:20:57 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\USERS\MIKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KJVRCA6J.DEFAULT\EXTENSIONS\SUPPORT@ANCESTRY.COM [2011/01/27 13:32:52 | 000,000,000 | ---D | M] (GOM Player + Ask Toolbar) -- C:\USERS\MIKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KJVRCA6J.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) O2 - BHO: (no name) - {23162633-071E-4D3C-B347-B85451A92DBA} - No CLSID value found. 
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA1.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) 
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\tbMyA1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [4oD] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [bullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) 
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Opware15] C:\Program Files\ScanSoft\OmniPage15\Opware15.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [scanSoft OmniPage 15-reminder] C:\Program Files\ScanSoft\OmniPage15\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe () O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.) O4 - HKCU..\Run: [msnmsgr] File not found O4 - HKCU..\Run: [OpAgent] C:\Program Files\ScanSoft\OmniPage15\OpAgent.exe (Nuance Communications, Inc.) O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems) O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe () O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedTester.lnk = C:\Users\Mike\Application Data\Microsoft\Installer\{32729FF3-AD6A-45CC-8E55-E1916420F7F1}\_7EA94809FE219030A883C8.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html () O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.) 
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - AppInit_DLLs: (BgGamingMonitor.dll) - C:\Windows\System32\BgGamingMonitor.dll (BullGuard Ltd.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\599\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\599\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009/12/03 15:01:06 | 000,000,163 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O32 - AutoRun File - [2007/11/18 17:10:02 | 000,000,090 | ---- | M] () - K:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{c78e1726-a2f5-11dd-8a18-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2009/12/09 16:03:38 | 000,034,224 | R--- | M] (British Telecommunications) O33 - MountPoints2\{c78e1726-a2f5-11dd-8a18-806e6f6e6963}\Shell\BTHomeHub\command - "" = E:\Setup.exe -- [2009/12/09 16:03:38 | 000,034,224 | R--- | M] (British Telecommunications) O33 - MountPoints2\{f19cd37c-0eec-11e0-a530-0022153cada6}\Shell\AutoRun\command - "" = J:\Setup_FlipShare.exe O33 - MountPoints2\{f19cd37c-0eec-11e0-a530-0022153cada6}\Shell\Setup FlipShare\command - "" = J:\Setup_FlipShare.exe O33 - MountPoints2\{f33db951-a49d-11dd-a70d-0022153cada6}\Shell\AutoRun\command - "" = K:\setupSNK.exe -- [2004/08/04 00:56:58 | 000,028,672 | ---- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error. 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error. ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error. ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML 
Data Binding ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error. ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error. ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/02/06 23:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\SyncToy 2.1 [2011/02/06 18:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox [2011/02/06 18:31:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 3.1 Beta 2 [2011/01/29 18:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS [2011/01/29 18:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\NOS [2011/01/23 14:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2011/01/21 14:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iiyama [2011/01/21 14:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\iiyama monitor test [2011/01/12 06:07:45 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011/01/12 06:07:22 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [1 C:\Windows\*.tmp files 
-> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/02/08 15:00:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/02/08 14:51:13 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/02/08 14:51:13 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/02/08 14:39:40 | 000,617,528 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/02/08 14:39:40 | 000,112,294 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/02/08 14:33:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4211042484-1496349775-2818423265-1000UA.job [2011/02/08 14:12:00 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job [2011/02/08 11:00:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/02/07 15:33:00 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4211042484-1496349775-2818423265-1000Core.job [2011/02/07 12:55:57 | 000,000,926 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk [2011/02/07 12:54:51 | 000,002,777 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedTester.lnk [2011/02/07 12:51:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/02/07 12:51:02 | 2145,927,168 | -HS- | M] () -- C:\hiberfil.sys [2011/02/06 18:31:38 | 000,001,867 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2011/02/06 18:31:38 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/02/05 07:34:19 | 000,002,079 | ---- | M] () -- C:\Users\Mike\Desktop\Google Chrome.lnk [2011/01/31 11:48:36 | 000,159,232 | ---- | M] () -- 
C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/23 14:22:08 | 000,000,934 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk [2011/01/23 14:22:08 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/02/06 23:25:21 | 000,001,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SyncToy 2.1.lnk [2011/02/06 18:31:38 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/09/06 16:25:08 | 000,015,107 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2010/08/16 11:15:02 | 000,000,395 | ---- | C] () -- C:\Windows\MAXLINK.INI [2010/01/27 09:30:41 | 000,000,244 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\wklnhst.dat [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/02 10:45:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/04/04 17:25:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/02/26 00:06:26 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2008/12/12 00:05:23 | 008,146,944 | ---- | C] () -- C:\Users\Mike\AppData\Local\filesync.metadata [2008/12/04 11:06:49 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll [2008/11/13 13:34:00 | 000,000,029 | ---- | C] () -- C:\Windows\DEBUGSM.INI [2008/11/13 13:33:07 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini [2008/11/13 13:33:06 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll [2008/10/27 20:57:28 | 000,159,232 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/05/08 19:08:11 | 000,009,760 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll [2008/05/08 19:07:30 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2006/11/18 05:01:18 | 000,462,848 | ---- | C] () -- 
C:\Windows\System32\softcoin.dll [2006/11/18 05:00:36 | 000,344,064 | ---- | C] () -- C:\Windows\System32\gencoin.dll [2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/10/11 03:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2006/02/18 08:16:04 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SlpApi42.dll ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe >
---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\drivers\nvstor32.sys [2007/08/09 11:12:00 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_99d8b088\nvstor32.sys [2007/08/09 11:12:00 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=F2D7CCD75132F19119108E07A4FD0A12 -- C:\Driver Servicing\nvidia\chipset\nForce780\9.46\English\IDE\WinVista\sataraid\nvstor32.sys [2007/08/09 11:12:00 | 000,110,624 | -H-- | M] (NVIDIA Corporation) MD5=F2D7CCD75132F19119108E07A4FD0A12 -- C:\Windows\ConfigSetRoot\$oem$\$1\Driver Servicing\nvidia\chipset\nForce780\9.46\English\IDE\WinVista\sataraid\nvstor32.sys < MD5 for: SCECLI.DLL > [2008/01/21 02:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009/04/11 06:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009/04/11 06:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/04/11 06:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009/04/11 06:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll [2010/03/05 14:01:02 | 000,420,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\vbscript.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:0CFE8F97 < End of report > Quote
mtav Posted February 8, 2011 Author Posted February 8, 2011 Now the second file.
Starbuck Posted February 9, 2011

Hi mtav,

Well, there's no obvious signs of malware. But to be honest your system is running too many security programs. Running too many is just as bad as not enough. They'll just fight and conflict with one another.

BullGuard 9.0
Rapport
Spybot-S&D
Windows Defender

These are good programs .... but not when run all together.

Recommendation

At a minimum I'd recommend turning off Teatimer and WinDefender. This would still give you the option of running them manually if needed.

WinDefender

Click Start >> Programs >> Windows Defender or launch from the system tray icon.
Click on Tools & Settings >> Options.
Under Real-time protection options, uncheck the "Real-time protection" check box.
Click Save.
Go to Start >> Control Panel >> Security >> Windows Defender, at the bottom of the Windows Defender page uncheck under Administrator Options "use Windows Defender" and then Save.

TeaTimer

Open Spybot and click on 'Mode' then click 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Then, check next to the computer clock to see if the icon for Spybot is still there. If it is, right click it and choose 'exit Spybot-S&D Resident'.
Reboot the computer.

There's a few orphan entries on your system, we can clean those now.

Double click on OTL.exe to run it.
Copy the lines in the codebox below. (make sure that :Otl is on the first line)

:otl
O2 - BHO: (no name) - {23162633-071E-4D3C-B347-B85451A92DBA} - No CLSID value found.
O4 - HKCU..\Run: [msnmsgr] File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:0CFE8F97
:Files
ipconfig /flushdns /c
:commands
[emptytemp]
[purity]
[RESETHOSTS]
[EMPTYFLASH]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.

As we're only cleaning up a few items, there's no need to post the fix report.

To remove OTL after the fix:

Please double-click OTL.exe to run it.
You should see a CleanUp! button, press that button,
http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png
This will remove any programs we have asked you to download along with their associated folders.. plus itself.

Member of:UNITE

mtav (Author) Posted February 10, 2011

Done all that, Starbuck, except that, when working on TeaTimer, after clicking on System Startup there were no checkboxes (Teatimer, Resident or otherwise) but, on going back and starting again, before clicking System Startup there was a Resident box which I unchecked.

I suppose it was a useful exercise, so thank you, but I still have the original problems in Windows Mail. For example, when I send a message no copy is left in the Sent Items folder.

Any suggestions where I should go from here? I did ask what the experts thought of the idea of giving up on Windows Mail and using Eudora or Thunderbird instead.

RandyL Posted February 10, 2011

I don't have Vista anymore but I was wondering if Windows Mail is in Features. Control Panel>Programs and Features>Turn Windows features on or off. Personally I like Windows Live Mail.

mtav (Author) Posted February 11, 2011

Regrettably, no. Windows Mail isn't there.

Starbuck Posted February 11, 2011

I see you have: Microsoft Office Home and Student 2007 installed, it's a pity MS don't give you 'Outlook' with that. I use Outlook all the time. I have used Thunderbird in the past and found it quite easy to use and found it reliable.