Posted

I use Windows Mail in Windows Vista and had a large number of messages in its Sent Items folder. But today I lost them all, the folder is now empty, and outgoing messages (which DO reach the recipient) are no longer saved in Sent Items.

 

My broadband provider is BT, so messages from Windows Mail go via bt.yahoo.com where outgoing messages were stored in the Sent folder. But that, too, is now empty although I have checked that the option "When sending a message, save a copy in the Sent folder" is still selected.

 

Can anyone tell me (a) how I can get outgoing messages to be saved once again in the Sent Items and Sent folders, and (b) if possible, how I can recover my lost messages?

Posted
Hi mtav. I can't help you with your yahoo mail but the Save a copy of the sent messages in the 'Sent Items' folder in Windows Mail can be found in Tools>Options>Send.

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.

Get help with computer problems. Join Free PC Help here

 

Donations are welcome. Read Here

Posted

The option in Windows Mail to save sent items in the Sent Items folder is already selected, but it still doesn't happen. What is more, I am now starting to lose incoming messages. One that came in this morning and I had read has now disappeared, and all messages received from one of my friends over the last two months have also gone. Sounds like a virus. I use Bullguard Antivirus and it is fully enabled and up-to-date.

 

(a) How can I get Mail working again? and (b) Is there any way to recover what seems to have been lost?

Posted
Considering a few things you mentioned I think now is a good time to post in the malware removal section and then check with your ISP for possible issues. What is your ISP?


Posted
I think I was wrong about my outgoing messages going via bt.yahoo.com and also wrong to say they used to be stored in the Sent folder there.
Posted
OK Now I'm confused as to exactly what the issue is.


Posted
I hope you have seen my response to this, RandyL, in Malware Infection Removal / Disappearing messages (18 Nov, 11:21)
Posted

So far your malware thread looks ok. I'm a bit at a loss here.

 

You could try removing the account then adding it back. I know that in OE that sometimes solved glitches.

 

Or you could try a different account and see what happens.

 

Or uncheck to save. Close Windows Mail. Reboot. Recheck to save.

 

As a side note some third party applications can delete them when running cleanup.


  • 1 year later...
Posted
I have suffered this problem for more than a year now. No messages I send are copied to the Sent Items folder (the folder is still completely empty). If I reply to a message in Inbox it immediately disappears from Inbox. And if I flag a message in Inbox it disappears.

 

I tried removing accounts as RandyL suggests, rebooting the computer and setting them up again. No improvement. Is there any way to remove Windows Mail completely and reinstate it?

 

Incidentally, RandyL says that removing an account and adding it back can solve glitches in OE -- Windows Mail is directly in Vista rather than in an OS, isn't it?

Posted

Welcome back mtav.

No messages I send are copied to the Sent Items folder

Try this. Open Windows Mail. Click Tools>Options>Send.

Untick "Save a copy of sent messages in the 'Sent Items' folder".

Click Apply>OK.

Close and open Windows Mail.

Now do the same thing but this time tick the box.

 

Yes, Windows Mail is bundled with Vista and not a separate add-on program. Deleting an account can sometimes solve issues with that particular account but I think your issue is with the mail client itself and not your account.

 

I noticed this thread was never finished. http://extremetechsupport.com/forum/malware-infection-removal/8540-disappearing-messages.html


Posted
Ticked and unticked the box but no improvement, I'm afraid.

 

You are right that I didn't follow up chiaz's offer in 'disappearing messages'. Perhaps I should do so, but it all seemed rather daunting. As an alternative I have been considering using Eudora or Thunderbird on the computer with the problem while continuing to use Windows Mail on the laptop. What do you think? Would it work? Which is the better of the two?

Posted

Hi mtav,

 

Sorry for butting in here.

I see from the old thread in the malware removal forum, that no scans were actually run.

Let's just run one program now, which will give us a lot of info and then we can take it from there.

If we rule out malware it'll give everyone a clearer run at things.

I'll make this as easy as I can for you:

 

  • Download OTL to your desktop.
    right click on the link and select 'Save Link/Target As'.
     
    if you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check


http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png


    Now copy the lines in bold below.
     
    netsvcs
    msconfig
    activex
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
     
     
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
  • Click the Run Scan button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runscan.png
     
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

 

Note:

if you have problems adding the 'Custom scan' list, you can add it another way.

At the bottom of this post you will see an attachment.

Click on this and when asked, save it to your desktop. (it'll be easier to find there)

Now to add the 'Custom scan' list..... double click in the Custom Scans/Fixes window (under the blue bar) and allow it to add the file.

It will only add a document named scan.txt ..... so don't change the name of the downloaded file.

You will see the text added to the scan box.

Once added, click:

 

http://img.photobucket.com/albums/v708/starbuck50/runscan.png

scan.txt

Member of:

UNITE

Posted

Many thanks, Starbuck. Total is 91802 characters so must send the two files separately. First:

 

OTL Text

 

OTL logfile created on: 08/02/2011 15:02:57 - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Mike\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18999)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free

5.00 Gb Paging File | 3.00 Gb Available in Paging File | 61.00% Paging File free

Paging file location(s): c:\pagefile.sys 3067 6000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 690.72 Gb Total Space | 580.28 Gb Free Space | 84.01% Space Free | Partition Type: NTFS

Drive E: | 151.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive K: | 233.76 Gb Total Space | 105.97 Gb Free Space | 45.33% Space Free | Partition Type: NTFS

 

Computer Name: MESH | User Name: Mike | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/02/08 14:59:26 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Downloads\OTL.scr

PRC - [2010/12/19 15:31:38 | 000,142,336 | ---- | M] () -- C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe

PRC - [2010/12/03 19:43:55 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe

PRC - [2010/12/03 19:43:55 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3.1 Beta 2\plugin-container.exe

PRC - [2010/10/18 19:21:52 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/10/03 22:43:16 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

PRC - [2010/10/03 22:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2010/06/15 11:58:57 | 000,348,480 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

PRC - [2010/06/07 20:05:44 | 002,071,360 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe

PRC - [2010/05/27 08:55:39 | 000,298,320 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe

PRC - [2010/04/05 23:41:46 | 000,116,224 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe

PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/11/27 21:44:36 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/03/06 23:34:51 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2009/01/02 12:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe

PRC - [2009/01/02 12:05:40 | 001,041,960 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe

PRC - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/10/29 09:40:12 | 000,058,720 | ---- | M] (Seiko Instruments USA Inc.) -- C:\Program Files\Seiko Instruments USA Inc\Smart Label Printer 6.9\slpcap.exe

PRC - [2008/10/27 20:44:03 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

PRC - [2008/05/27 16:02:44 | 000,425,984 | ---- | M] (BroadbandChoices.co.uk) -- C:\Program Files\Broadband Choices\Broadband Choices Speed Tester\SpeedTester.exe

PRC - [2008/01/21 02:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

PRC - [2007/01/08 08:27:12 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPage15\OpWare15.exe

PRC - [2007/01/08 08:26:38 | 000,943,656 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPage15\OpAgent.exe

PRC - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe

PRC - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe

PRC - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe

PRC - [2005/09/09 02:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

PRC - [2005/09/09 00:18:10 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

PRC - [2003/03/11 22:26:22 | 000,307,200 | ---- | M] (JITServ) -- C:\Program Files\Down2Home\Down2Home.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/02/08 14:59:26 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Downloads\OTL.scr

MOD - [2010/10/03 22:43:42 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll

MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

MOD - [2010/05/27 08:56:12 | 000,098,128 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BgGamingMonitor.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2010/11/29 10:42:56 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/10/03 22:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2010/09/28 12:29:36 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\599\g2aservice.exe -- (GoToAssist)

SRV - [2010/06/15 11:58:57 | 000,348,480 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)

SRV - [2010/06/07 20:05:54 | 000,377,664 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll -- (BsFire)

SRV - [2010/06/07 20:05:52 | 000,251,200 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)

SRV - [2010/06/07 20:05:43 | 000,166,208 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)

SRV - [2010/05/27 08:56:11 | 000,055,120 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll -- (BsBrowser)

SRV - [2010/05/27 08:55:39 | 000,298,320 | ---- | M] (BullGuard Ltd.) [On_Demand | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)

SRV - [2010/05/27 08:55:38 | 000,133,952 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)

SRV - [2010/04/05 23:41:46 | 000,116,224 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)

SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/03 20:07:16 | 000,120,144 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe -- (BgRaSvc)

SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/05/09 15:03:11 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2009/01/02 12:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)

SRV - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/10/27 20:44:03 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-092308-165331)

SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)

SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)

SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

SRV - [2005/09/09 02:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011/02/06 18:42:02 | 000,013,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Mike\AppData\Local\Temp\vdsdk.sys -- (VDSDK)

DRV - [2010/10/03 22:54:04 | 000,034,792 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys -- (RapportCerberus_19917)

DRV - [2010/10/03 22:43:44 | 000,169,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)

DRV - [2010/10/03 22:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)

DRV - [2010/05/27 08:55:35 | 000,055,888 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\System32\drivers\BdSpy.sys -- (BdSpy)

DRV - [2010/03/01 11:03:41 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\RapportBuka.sys -- (RapportBuka)

DRV - [2010/02/23 09:36:03 | 000,318,488 | R--- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AfwCore.sys -- (AfwCore)

DRV - [2010/02/23 09:36:03 | 000,029,208 | R--- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Afw.sys -- (afw)

DRV - [2009/03/27 23:03:00 | 007,738,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2008/01/21 02:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)

DRV - [2008/01/21 02:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2008/01/21 02:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2008/01/21 02:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2008/01/21 02:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2008/01/21 02:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2008/01/21 02:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2008/01/21 02:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2008/01/21 02:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2008/01/21 02:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2008/01/21 02:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2008/01/21 02:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2008/01/21 02:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2008/01/21 02:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2008/01/21 02:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2008/01/21 02:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2008/01/21 02:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2008/01/21 02:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2008/01/21 02:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2008/01/21 02:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2008/01/21 02:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2008/01/21 02:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2008/01/21 02:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2008/01/21 02:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2008/01/21 02:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2008/01/15 19:19:04 | 002,047,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007/12/04 19:34:18 | 000,946,816 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)

DRV - [2007/11/18 02:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)

DRV - [2007/08/09 11:12:00 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)

DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/10/19 05:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Home - www.meshcomputersownersclub.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MyHeritage.com Search

IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA1.dll (Conduit Ltd.)

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Home - www.meshcomputersownersclub.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA1.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Ask.com"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"

FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1

FF - prefs.js..extensions.enabledItems: support@ancestry.com:1.0.0.1

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..extensions.enabledItems: {eebc5c3f-ec4b-4ad4-b5d1-fa51b3c42c57}:1.0.2

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76

FF - prefs.js..extensions.enabledItems: antiphishing@bullguard:1.0

FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.2.5.2

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2

FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=GOM2&o=16133&locale=en_UK&apn_uid=FDEBEC85-4975-4EE9-88F1-6ACCE53E27FB&apn_ptnrs=QL&apn_sauid=9D36F32D-75ED-49FD-8873-CA01B6F64A14&apn_dtid=YYYYYYYYGB&q="

 

FF - HKLM\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard\ [2010/05/27 08:47:31 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/08/12 23:05:16 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox 3.1 Beta 2\components [2011/02/06 18:31:37 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.1 Beta 2\plugins [2011/02/06 18:31:30 | 000,000,000 | ---D | M]

 

[2010/02/06 10:07:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions

[2010/02/06 10:07:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011/02/07 22:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\kjvrca6j.default\extensions

[2010/06/25 20:57:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\kjvrca6j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/02/06 18:32:15 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\kjvrca6j.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}

[2010/11/07 14:07:17 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\kjvrca6j.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

[2011/01/11 10:49:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\kjvrca6j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/01/19 18:35:27 | 000,000,000 | ---D | M] ("SecretHelper") -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\kjvrca6j.default\extensions\{eebc5c3f-ec4b-4ad4-b5d1-fa51b3c42c57}

[2011/02/06 18:32:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\kjvrca6j.default\extensions\engine@conduit.com

[2009/08/28 00:20:57 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\kjvrca6j.default\extensions\support@ancestry.com

[2011/01/27 13:32:52 | 000,000,000 | ---D | M] (GOM Player + Ask Toolbar) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\kjvrca6j.default\extensions\toolbar@ask.com

[2011/02/06 18:32:27 | 000,002,571 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\kjvrca6j.default\searchplugins\askcom.xml

[2010/05/27 08:47:31 | 000,000,000 | ---D | M] (BullGuard Antiphishing Toolbar) -- C:\PROGRAM FILES\BULLGUARD LTD\BULLGUARD\ANTIPHISHING\FF\ANTIPHISHING@BULLGUARD

[2009/11/27 21:45:35 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT

[2009/08/12 23:05:16 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX

[2010/06/25 20:57:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\USERS\MIKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KJVRCA6J.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}

[2011/02/06 18:32:15 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\USERS\MIKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KJVRCA6J.DEFAULT\EXTENSIONS\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}

[2010/11/07 14:07:17 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\USERS\MIKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KJVRCA6J.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}

[2011/01/11 10:49:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\USERS\MIKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KJVRCA6J.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}

[2010/01/19 18:35:27 | 000,000,000 | ---D | M] ("SecretHelper") -- C:\USERS\MIKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KJVRCA6J.DEFAULT\EXTENSIONS\{EEBC5C3F-EC4B-4AD4-B5D1-FA51B3C42C57}

[2011/02/06 18:32:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\USERS\MIKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KJVRCA6J.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM

[2009/08/28 00:20:57 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\USERS\MIKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KJVRCA6J.DEFAULT\EXTENSIONS\SUPPORT@ANCESTRY.COM

[2011/01/27 13:32:52 | 000,000,000 | ---D | M] (GOM Player + Ask Toolbar) -- C:\USERS\MIKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KJVRCA6J.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM

 

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: ::1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {23162633-071E-4D3C-B347-B85451A92DBA} - No CLSID value found.

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA1.dll (Conduit Ltd.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O2 - BHO: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\tbMyA1.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [4oD] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [bullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [Opware15] C:\Program Files\ScanSoft\OmniPage15\Opware15.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [scanSoft OmniPage 15-reminder] C:\Program Files\ScanSoft\OmniPage15\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()

O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)

O4 - HKCU..\Run: [msnmsgr] File not found

O4 - HKCU..\Run: [OpAgent] C:\Program Files\ScanSoft\OmniPage15\OpAgent.exe (Nuance Communications, Inc.)

O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()

O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedTester.lnk = C:\Users\Mike\Application Data\Microsoft\Installer\{32729FF3-AD6A-45CC-8E55-E1916420F7F1}\_7EA94809FE219030A883C8.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()

O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)

O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)

O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - AppInit_DLLs: (BgGamingMonitor.dll) - C:\Windows\System32\BgGamingMonitor.dll (BullGuard Ltd.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\599\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\599\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009/12/03 15:01:06 | 000,000,163 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2007/11/18 17:10:02 | 000,000,090 | ---- | M] () - K:\AUTORUN.INF -- [ NTFS ]

O33 - MountPoints2\{c78e1726-a2f5-11dd-8a18-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2009/12/09 16:03:38 | 000,034,224 | R--- | M] (British Telecommunications)

O33 - MountPoints2\{c78e1726-a2f5-11dd-8a18-806e6f6e6963}\Shell\BTHomeHub\command - "" = E:\Setup.exe -- [2009/12/09 16:03:38 | 000,034,224 | R--- | M] (British Telecommunications)

O33 - MountPoints2\{f19cd37c-0eec-11e0-a530-0022153cada6}\Shell\AutoRun\command - "" = J:\Setup_FlipShare.exe

O33 - MountPoints2\{f19cd37c-0eec-11e0-a530-0022153cada6}\Shell\Setup FlipShare\command - "" = J:\Setup_FlipShare.exe

O33 - MountPoints2\{f33db951-a49d-11dd-a70d-0022153cada6}\Shell\AutoRun\command - "" = K:\setupSNK.exe -- [2004/08/04 00:56:58 | 000,028,672 | ---- | M] (Microsoft Corporation)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)

ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.

ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.

ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/02/06 23:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\SyncToy 2.1

[2011/02/06 18:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox

[2011/02/06 18:31:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 3.1 Beta 2

[2011/01/29 18:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS

[2011/01/29 18:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\NOS

[2011/01/23 14:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com

[2011/01/21 14:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iiyama

[2011/01/21 14:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\iiyama monitor test

[2011/01/12 06:07:45 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll

[2011/01/12 06:07:22 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/02/08 15:00:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/02/08 14:51:13 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/02/08 14:51:13 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/02/08 14:39:40 | 000,617,528 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/02/08 14:39:40 | 000,112,294 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/02/08 14:33:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4211042484-1496349775-2818423265-1000UA.job

[2011/02/08 14:12:00 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job

[2011/02/08 11:00:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/02/07 15:33:00 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4211042484-1496349775-2818423265-1000Core.job

[2011/02/07 12:55:57 | 000,000,926 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk

[2011/02/07 12:54:51 | 000,002,777 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedTester.lnk

[2011/02/07 12:51:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/02/07 12:51:02 | 2145,927,168 | -HS- | M] () -- C:\hiberfil.sys

[2011/02/06 18:31:38 | 000,001,867 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/02/06 18:31:38 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011/02/05 07:34:19 | 000,002,079 | ---- | M] () -- C:\Users\Mike\Desktop\Google Chrome.lnk

[2011/01/31 11:48:36 | 000,159,232 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/01/23 14:22:08 | 000,000,934 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk

[2011/01/23 14:22:08 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/02/06 23:25:21 | 000,001,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SyncToy 2.1.lnk

[2011/02/06 18:31:38 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/09/06 16:25:08 | 000,015,107 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2010/08/16 11:15:02 | 000,000,395 | ---- | C] () -- C:\Windows\MAXLINK.INI

[2010/01/27 09:30:41 | 000,000,244 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\wklnhst.dat

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/02 10:45:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/04/04 17:25:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009/02/26 00:06:26 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2008/12/12 00:05:23 | 008,146,944 | ---- | C] () -- C:\Users\Mike\AppData\Local\filesync.metadata

[2008/12/04 11:06:49 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll

[2008/11/13 13:34:00 | 000,000,029 | ---- | C] () -- C:\Windows\DEBUGSM.INI

[2008/11/13 13:33:07 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini

[2008/11/13 13:33:06 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll

[2008/10/27 20:57:28 | 000,159,232 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/05/08 19:08:11 | 000,009,760 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll

[2008/05/08 19:07:30 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

[2006/11/18 05:01:18 | 000,462,848 | ---- | C] () -- C:\Windows\System32\softcoin.dll

[2006/11/18 05:00:36 | 000,344,064 | ---- | C] () -- C:\Windows\System32\gencoin.dll

[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/10/11 03:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS

[2006/02/18 08:16:04 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SlpApi42.dll

 

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006/11/02 09:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[2009/04/11 06:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll

[2009/04/11 06:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

[2010/03/05 14:01:02 | 000,420,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\vbscript.dll

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:0CFE8F97

 

< End of report >

Posted

Now the second file.

 

Extras

 

OTL Extras logfile created on: 08/02/2011 15:02:57 - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Mike\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18999)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free

5.00 Gb Paging File | 3.00 Gb Available in Paging File | 61.00% Paging File free

Paging file location(s): c:\pagefile.sys 3067 6000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 690.72 Gb Total Space | 580.28 Gb Free Space | 84.01% Space Free | Partition Type: NTFS

Drive E: | 151.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive K: | 233.76 Gb Total Space | 105.97 Gb Free Space | 45.33% Space Free | Partition Type: NTFS

 

Computer Name: MESH | User Name: Mike | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{068BFEF5-4730-4AEB-8E16-F8CB3D9CCBD7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{0840F033-333D-4464-AC39-BD7D0C667D95}" = lport=137 | protocol=17 | dir=in | app=system |

"{09CC05B8-CB95-4055-8F4E-5C08433DF818}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{1082D34B-E644-4471-83EF-755445D90B5F}" = rport=139 | protocol=6 | dir=out | app=system |

"{15B1D6BB-3378-4421-A29E-CA1C8746C54D}" = lport=138 | protocol=17 | dir=in | app=system |

"{3777E15D-24A6-4819-90F2-E4AC35653872}" = lport=139 | protocol=6 | dir=in | app=system |

"{3C6132DA-503C-42A7-BDC7-3A65861A8AB0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{48AAC51F-AC72-466D-9CD4-426649F09C80}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{4DB3BD44-7284-4158-8A4C-258DA7F95FBB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{53A0AB0D-E5C9-46D1-B372-1B0A6C623FB1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{75D68B1B-00BA-4FB4-BE57-A3B20F79EA42}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{7B63B187-5AAC-4862-96DE-614115FBC814}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{86C2D028-14C3-47D5-9516-6915E6C3D8CB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{8719F933-9782-4475-8C29-6AC5A9D45EF7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{8F32DF7F-8B25-49A7-8E12-20603B6E3EBD}" = lport=445 | protocol=6 | dir=in | app=system |

"{94FDEF06-F8AD-4DE3-81C3-A57D800BBCE2}" = rport=445 | protocol=6 | dir=out | app=system |

"{993CC7AE-DA28-4371-9A4A-5EA654A2E1C1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9AEA70C2-C451-43DF-82F4-DD40C851E444}" = rport=137 | protocol=17 | dir=out | app=system |

"{9F11CD11-2BFC-471E-B7EB-D277F2C4B399}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{9F61905D-C023-49E6-B944-F1DC1F648D93}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A369F525-600E-47B4-9AA1-87711A960C17}" = rport=10243 | protocol=6 | dir=out | app=system |

"{B82D50CD-1D6E-468D-989E-24D83CB41A22}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{BE94DAED-3FFF-4086-8B48-38DB8095C1D9}" = rport=138 | protocol=17 | dir=out | app=system |

"{D09B3E70-7E6C-4986-9E07-88E7E2F401C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D346B19A-0BDA-4EB8-9998-B98A1B867682}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{D63E3330-1178-4EF4-AFE4-B01D82007FB6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E4714201-3EBC-4A92-B74F-707B1FBC7168}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F5BCBF66-1C8C-4621-A3E5-ABB0BB6B468D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{F79CE022-DEF8-4624-A928-DB2358E56923}" = lport=10243 | protocol=6 | dir=in | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0AD083C3-67EF-4C3B-8278-5687967E4571}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{0D80A688-8963-4158-9257-D797106101CA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{14AF5896-F6B9-49D2-86ED-741F7CA80000}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{1D4C8D83-A5EF-42B0-BB14-56654ACC546D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{1F82ABFD-820E-45FD-A829-4565D09DE52C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{20B304E5-AA8B-4762-9C85-61C8D350DA91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{21B97DDD-3BA3-4603-BC55-D17187E352D4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{2C168413-C129-4AA1-9F06-7285B649BA7C}" = dir=in | app=c:\program files\cyberlink\powerdirector express\pdx.exe |

"{42C0D48C-0238-4086-BB94-C3D5F5A35C9F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{4554D569-F972-4EB8-B676-36002D6B60CE}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |

"{4A428F56-6BD3-4F9A-A2FB-23984BE323A6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{5075A9E0-E38C-43DB-A194-DCD33F9163D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{6E639149-48CD-485C-A0ED-A700CD331090}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{6E9D3A2A-24DE-4BB2-96CD-E49995A17EC2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{78B1895D-C3FF-4B05-A871-2159B0A2805A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{7B960E0B-0AD6-4BD0-8B4E-2F57759CC4AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{7E8D153E-5838-458B-A5D1-DF80D0EA492B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{87E5315C-0323-4C25-AD04-15625F25DFD8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{8D41E7FB-1492-41C5-8CF4-2029D8D51EB4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{8F316132-D3E7-48D0-8F4B-7241CC01BAFE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{929C7641-8C60-4828-BE88-3F38F27626B3}" = protocol=17 | dir=in | app=e:\x86\ibiscont.exe |

"{A0FD533A-1FAC-4FAC-B1FA-31EBAD7F0D75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{A15E5F76-A576-4E45-8771-C0312655E305}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |

"{B3F2A41A-6B45-40BD-8E89-626500929DA6}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |

"{B9D84C95-46A7-48CE-A826-ED19ECA24BB0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C1C92110-66C6-4C4B-B392-21929B3617EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{C607EC33-A7E2-45A7-96FE-19DB6B29073A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{CA5CEFF3-F3E1-4A29-BE48-2EBDAD33DCF8}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |

"{CB633679-AFBE-4551-A2B9-EDA7DBE79C2C}" = protocol=6 | dir=in | app=e:\x86\ibiscont.exe |

"{D11D9DB2-E52F-4263-837B-07D355C1D0D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{D1D4FB87-3391-4E41-927B-F50CE6F1AFB4}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{E5982BFA-8AA5-46C9-9E93-EDA58C17E963}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |

"{EAEEA5F7-58A3-4125-BA4A-BCEA1AB8FE6C}" = protocol=6 | dir=out | app=system |

"TCP Query User{125EEE4C-0F5A-4CB2-A2A9-B600B9BE16B7}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

"TCP Query User{3F41D838-2EC3-4A5B-A19B-864FBE2060A4}C:\program files\kontiki\khost.exe" = protocol=6 | dir=in | app=c:\program files\kontiki\khost.exe |

"TCP Query User{7DCC792C-E322-4913-8B67-73268418041C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{A227A7B8-4C74-4ED6-9A4F-34EA22DFD6C9}C:\program files\rfactor\rfactor.exe" = protocol=6 | dir=in | app=c:\program files\rfactor\rfactor.exe |

"TCP Query User{B012E59D-609B-441D-B4E7-0B64DC9312E6}C:\program files\mozilla firefox 3.1 beta 2\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 3.1 beta 2\firefox.exe |

"TCP Query User{C6ED5F0C-0553-4680-A991-E5DF1F969888}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{226DC9E6-272C-47E1-9161-0C524D92C44C}C:\program files\kontiki\khost.exe" = protocol=17 | dir=in | app=c:\program files\kontiki\khost.exe |

"UDP Query User{36767663-5A56-40B0-9097-7D76BE2430C1}C:\program files\mozilla firefox 3.1 beta 2\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 3.1 beta 2\firefox.exe |

"UDP Query User{3A14949E-7374-433D-B9B1-068EC3763A65}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

"UDP Query User{67C7F74E-7806-4805-A8E9-5507069FAD0D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{B8876EAE-AD17-4435-8080-BDBBC7FB05DF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{CAD76BFE-14E1-4B69-8416-09C87E7FA4C2}C:\program files\rfactor\rfactor.exe" = protocol=17 | dir=in | app=c:\program files\rfactor\rfactor.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)

"{116D1725-3193-49AF-8999-036D385F701E}" = Desktop Restore

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 23

"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery

"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support

"{32729FF3-AD6A-45CC-8E55-E1916420F7F1}" = Broadband Choices Speed Tester

"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0

"{41888B21-922B-4241-4594-EF1E6828A72B}" = BBC iPlayer Desktop

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD

"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer

"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer

"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1

"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16

"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0

"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU

"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar

"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow

"{DEFCEA84-FE98-460D-8B54-7D9653432390}" = ScanSoft OmniPage 15

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = PowerDVD Copy

"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1

"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime

"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0

"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{EE798051-986A-474A-AD4F-466504373187}" = Smart Label Printer 6.9

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0

"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth

"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes

"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows

"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU

"4oD" = 4oD

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0

"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0

"AI RoboForm" = AI RoboForm (All Users)

"Ashampoo Snap 3_is1" = Ashampoo Snap 3.40

"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.24

"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop

"BullGuard" = BullGuard 9.0

"CAL" = Canon Camera Access Library

"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX

"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX

"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX

"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder

"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task

"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX

"CanonSolutionMenu" = Canon Utilities Solution Menu

"CCleaner" = CCleaner

"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player

"CSCLIB" = Canon Camera Support Core Library

"DBXTriever_is1" = DBXTriever 3.20

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"Down2Home" = Down2Home

"EOS Utility" = Canon Utilities EOS Utility

"GOM Player" = GOM Player

"Google Desktop" = Google Desktop

"GoToAssist" = GoToAssist Corporate

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"hp deskjet 990c series" = hp deskjet 990c series (Remove only)

"iiyama Monitor Test_is1" = iiyama Monitor Test 2.1

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)

"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0

"MyAshampoo Toolbar" = MyAshampoo Toolbar

"NVIDIA Drivers" = NVIDIA Drivers

"PhotoStitch" = Canon Utilities PhotoStitch

"Picasa 3" = Picasa 3

"Rapport_msi" = Rapport

"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX

"RealPlayer 12.0" = RealPlayer

"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX

"Replay Media Catcher 3.02" = Replay Media Catcher 3.02

"rFactor" = rFactor (remove only)

"SMART PANEL for Scanner" = EPSON SMART PANEL for Scanner

"TreeSize Professional_is1" = TreeSize Professional 5.1.2

"Windows Live Toolbar" = Windows Live Toolbar

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Yahoo! Applications" = BT Yahoo! Applications

"Yahoo! Software Update" = Yahoo! Software Update

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 06/02/2011 21:17:30 | Computer Name = Mesh | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 18127

 

Error - 06/02/2011 21:17:31 | Computer Name = Mesh | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 06/02/2011 21:17:31 | Computer Name = Mesh | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 19126

 

Error - 06/02/2011 21:17:31 | Computer Name = Mesh | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 19126

 

Error - 06/02/2011 21:17:32 | Computer Name = Mesh | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 06/02/2011 21:17:32 | Computer Name = Mesh | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 20249

 

Error - 06/02/2011 21:17:32 | Computer Name = Mesh | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 20249

 

Error - 06/02/2011 21:17:34 | Computer Name = Mesh | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 06/02/2011 21:17:34 | Computer Name = Mesh | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 21481

 

Error - 06/02/2011 21:17:34 | Computer Name = Mesh | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 21481

 

[ Media Center Events ]

Error - 29/01/2011 18:10:48 | Computer Name = Mesh | Source = ehRecvr | ID = 4

Description =

 

Error - 29/01/2011 18:37:16 | Computer Name = Mesh | Source = ehRecvr | ID = 4

Description =

 

Error - 29/01/2011 19:01:41 | Computer Name = Mesh | Source = ehRecvr | ID = 4

Description =

 

Error - 29/01/2011 19:27:37 | Computer Name = Mesh | Source = ehRecvr | ID = 4

Description =

 

Error - 29/01/2011 20:45:42 | Computer Name = Mesh | Source = ehRecvr | ID = 4

Description =

 

Error - 30/01/2011 11:34:45 | Computer Name = Mesh | Source = ehRecvr | ID = 4

Description =

 

Error - 05/02/2011 12:28:34 | Computer Name = Mesh | Source = ehRecvr | ID = 4

Description =

 

Error - 06/02/2011 14:26:48 | Computer Name = Mesh | Source = ehRecvr | ID = 4

Description =

 

Error - 06/02/2011 14:38:41 | Computer Name = Mesh | Source = ehRecvr | ID = 4

Description =

 

Error - 07/02/2011 08:53:38 | Computer Name = Mesh | Source = ehRecvr | ID = 4

Description =

 

[ OSession Events ]

Error - 31/12/2008 10:38:19 | Computer Name = Mesh | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 748

seconds with 540 seconds of active time. This session ended with a crash.

 

Error - 12/10/2009 19:00:52 | Computer Name = Mesh | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1112

seconds with 780 seconds of active time. This session ended with a crash.

 

Error - 14/10/2009 13:37:02 | Computer Name = Mesh | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23105

seconds with 1020 seconds of active time. This session ended with a crash.

 

Error - 08/12/2009 20:57:52 | Computer Name = Mesh | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 193513

seconds with 6900 seconds of active time. This session ended with a crash.

 

Error - 10/12/2009 10:03:17 | Computer Name = Mesh | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 119

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 12/01/2011 14:28:03 | Computer Name = Mesh | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 11057

seconds with 0 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 05/02/2011 12:28:09 | Computer Name = Mesh | Source = Service Control Manager | ID = 7026

Description =

 

Error - 05/02/2011 16:28:13 | Computer Name = Mesh | Source = bowser | ID = 8003

Description =

 

Error - 06/02/2011 14:26:28 | Computer Name = Mesh | Source = Service Control Manager | ID = 7026

Description =

 

Error - 06/02/2011 14:32:23 | Computer Name = Mesh | Source = DCOM | ID = 10000

Description =

 

Error - 06/02/2011 14:37:52 | Computer Name = Mesh | Source = volsnap | ID = 393229

Description = The shadow copy of volume C: could not grow its shadow copy storage

on volume C:.

 

Error - 06/02/2011 14:38:14 | Computer Name = Mesh | Source = Service Control Manager | ID = 7026

Description =

 

Error - 06/02/2011 14:39:12 | Computer Name = Mesh | Source = DCOM | ID = 10000

Description =

 

Error - 07/02/2011 08:51:02 | Computer Name = Mesh | Source = volsnap | ID = 393229

Description = The shadow copy of volume C: could not grow its shadow copy storage

on volume C:.

 

Error - 07/02/2011 08:51:26 | Computer Name = Mesh | Source = Service Control Manager | ID = 7026

Description =

 

Error - 07/02/2011 09:49:13 | Computer Name = Mesh | Source = DCOM | ID = 10000

Description =

 

 

< End of report >

Posted

Hi mtav,

 

Well, there are no obvious signs of malware.

But to be honest your system is running too many security programs.

Running too many is just as bad as not enough.

They'll just fight and conflict with one another.

BullGuard 9.0

Rapport

Spybot-S&D

Windows Defender

These are good programs .... but not when run all together.

 

Recommendation

At a minimum I'd recommend turning off Teatimer and WinDefender.

This would still give you the option of running them manually if needed.

 

WinDefender

  • Click Start >> Programs >> Windows Defender or launch from the system tray icon.
  • Click on Tools & Settings >> Options.
  • Under Real-time protection options, uncheck the "Real-time protection" check box.
  • Click Save.
  • Go to Start >> Control Panel >> Security >> Windows Defender; at the bottom of the Windows Defender page, under Administrator Options, uncheck "use Windows Defender" and then Save.

 

 

TeaTimer

  • Open Spybot and click on 'Mode' then click 'Advanced Mode'.
  • Click on 'Tools' in bottom left hand corner.
  • Click on the 'System Startup' icon.
    Uncheck 'Teatimer' box and/or uncheck 'Resident'.
  • Then, check next to the computer clock to see if the icon for Spybot is still there.
    If it is, right click it and choose 'exit Spybot-S&D Resident'.

 

Reboot the computer.

 

There are a few orphan entries on your system; we can clean those now.

 

Double click on OTL.exe to run it.

Copy the lines in the codebox below. (Make sure that :Otl is on the first line.)

:otl
O2 - BHO: (no name) - {23162633-071E-4D3C-B347-B85451A92DBA} - No CLSID value found.
O4 - HKCU..\Run: [msnmsgr] File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:0CFE8F97

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]
[EMPTYFLASH]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     
  • Click the red Run Fix button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
     
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

As we're only cleaning up a few items, there's no need to post the fix report.

 

To remove OTL after the fix:

 

  • Please double-click OTL.exe to run it.
  • You should see a CleanUp! button, press that button,
     
    http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png
     
  • This will remove any programs we have asked you to download along with their associated folders, plus itself.

Member of:

UNITE

Posted

Done all that, Starbucks, except that, when working on TeaTimer, after clicking on System Startup there were no checkboxes (Teatimer, Resident or otherwise) but, on going back and starting again, before clicking System Startup there was a Resident box which I unchecked.

 

I suppose it was a useful exercise, so thank you, but I still have the original problems in Windows Mail. For example, when I send a message no copy is left in the Sent Items folder.

 

Any suggestions where I should go from here?

 

I did ask what the experts thought of the idea of giving up on Windows Mail and using Eudora or Thunderbird instead.

Posted

I don't have Vista anymore but I was wondering if Windows Mail is in Features.

 

Control Panel>Programs and Features>Turn Windows features on or off.

 

Personally I like Windows Live Mail.


Posted

I see you have:

Microsoft Office Home and Student 2007 installed, it's a pity MS don't give you 'Outlook' with that.

I use Outlook all the time.

I have used Thunderbird in the past and found it quite easy to use and found it reliable.

