Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Spyware?
Options
-
27-05-2012 2:05pm#1Hi, strange happenings on my laptop, about 2 weeks ago while watching football online..:o the cursor moved to the start menu, searched something and tried to run a program as if someone was logged into my laptop. I pulled out the fob and shut down the laptop. After a few minutes I rebooted the laptop, updated & ran Malwarebytes and Avira antivirus and both found nothing so I thought all was okay until yesterday my wife was online & the cursor started to move on its own again but as soon as it happened she pulled out the fob and I dont know what to do next, any ideas
0
Comments
-
-
-
Thanks.. the OTL.txt is............
OTL logfile created on: 27/05/2012 17:47:56 - Run 1
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\robert\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 52.32% Memory free
4.22 Gb Paging File | 2.86 Gb Available in Paging File | 67.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 14.34 Gb Free Space | 19.24% Space Free | Partition Type: NTFS
Drive
| 25.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 73.06 Gb Total Space | 18.25 Gb Free Space | 24.98% Space Free | Partition Type: NTFS
Computer Name: ROBERT-PC | User Name: robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========rt
PRC - [2012/05/27 17:47:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\robert\Downloads\OTL (1).exe
PRC - [2012/05/08 21:08:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 21:08:12 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 21:08:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/08 21:08:12 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/12/14 15:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010/12/01 22:23:08 | 000,119,296 | ---- | M] (KeenHigh Tech.) -- C:\Program Files\Philips\GoGear SA2MXX Device Manager\main.exe
PRC - [2009/11/17 14:23:58 | 003,965,680 | ---- | M] (Birdstep Technology) -- C:\Program Files\3 Mobile Broadband\3Connect\WilogApp.exe
PRC - [2009/11/17 14:13:48 | 000,667,648 | ---- | M] (Birdstep Technology) -- C:\Program Files\3 Mobile Broadband\3Connect\AutoUpdateSrv.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/19 12:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/09/03 11:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/07/20 20:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007/07/10 09:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
PRC - [2007/06/19 15:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007/05/22 16:32:52 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2007/04/13 07:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/04/03 17:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/04/03 16:52:22 | 000,509,496 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007/03/29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 13:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/02/04 13:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/11/13 09:06:54 | 000,413,696 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2006/11/06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
PRC - [2006/10/05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2005/12/16 00:22:54 | 000,282,624 | ---- | M] (Netopia, Inc.) -- C:\Program Files\Netopia\BBTC.exe
========== Modules (No Company Name) ==========
MOD - [2012/05/12 03:40:49 | 000,519,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\0e606bf82d2f7b70ec6eee715d7676a6\TCrdMain.ni.exe
MOD - [2012/05/12 03:38:43 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a2d7aedd03b751d7deeb0241dd155cf1\System.Windows.Forms.ni.dll
MOD - [2012/05/12 03:38:30 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8e570c5f18e55fccde0a07f8c9c8adcf\System.Drawing.ni.dll
MOD - [2012/05/12 03:38:05 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0f7309f83321b1f50ebe92aa11d57d23\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 03:38:03 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ecfab65255b449c9c9beb29ebe53bd6b\PresentationFramework.ni.dll
MOD - [2012/05/12 03:37:44 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\28e1dc39dae658f1269e67ec8e7fed27\PresentationCore.ni.dll
MOD - [2012/05/12 03:37:27 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\f2b14f85472552ea6535220f2a20b7fd\WindowsBase.ni.dll
MOD - [2012/05/12 03:37:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e4994021feec7384cb3b6d83bd71145e\System.ni.dll
MOD - [2012/05/12 03:37:08 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a5ac4d35c45d3a97c485dcfe804771a\mscorlib.ni.dll
MOD - [2007/09/13 08:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/12/01 18:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2006/11/09 18:27:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/11/08 19:08:30 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2006/11/06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
MOD - [2006/10/10 11:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - [2012/05/08 21:08:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 21:08:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/19 12:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/04/13 07:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/03/29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TpChoice.sys -- (TpChoice)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swumx20.sys -- (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/05/08 21:08:13 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 21:08:13 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/15 15:46:44 | 000,863,616 | ---- | M] (ITE Technologies ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF9035HB.sys -- (AF9035HB)
DRV - [2010/03/09 17:36:18 | 000,080,680 | ---- | M] (Fuzhou Rockchip Electronics Co,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rockusb.sys -- (rockusb)
DRV - [2009/09/10 13:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/24 14:51:38 | 000,101,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/07/22 16:44:18 | 000,148,992 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumxa3.sys -- (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3)
DRV - [2009/07/22 16:44:04 | 000,197,504 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8ua3.sys -- (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3)
DRV - [2007/09/26 14:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/07/26 17:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/04/30 06:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/03/06 15:01:04 | 000,014,848 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\CplIR.sys -- (CplIR)
DRV - [2007/01/24 13:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2007/01/18 15:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/28 08:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/11/02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006/10/23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/05 22:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/08/30 09:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/07/28 16:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005/04/18 00:30:04 | 000,052,864 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CnxTrUsb.sys -- (CnxTrUsb)
DRV - [2005/04/18 00:30:04 | 000,025,984 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CnxTrLan.sys -- (CnxTrLan)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.startpagey.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagey.com
IE - HKLM\..\SearchScopes,DefaultScope = {369CBA93-E539-4721-8421-463DE70A90BE}
IE - HKLM\..\SearchScopes\{369CBA93-E539-4721-8421-463DE70A90BE}: "URL" = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKLM\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm014YYie&ptb=D92BF074-C228-45FC-B6C5-37AC39D3C914&psa=&ind=2011092112&ptnrS=YJxdm014YYie&si=CKTnwIOLnasCFcSCDgodazP6kg&st=sb&n=77ded490&searchfor={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.startpagey.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ie/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {369CBA93-E539-4721-8421-463DE70A90BE}
IE - HKCU\..\SearchScopes\{369CBA93-E539-4721-8421-463DE70A90BE}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm014YYie&ptb=D92BF074-C228-45FC-B6C5-37AC39D3C914&psa=&ind=2011091411&ptnrS=YJxdm014YYie&si=CKTnwIOLnasCFcSCDgodazP6kg&st=sb&n=77ded1d3&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=UT2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Guffins.com/Plugin: C:\Program Files\Guffins\bar\1.bin\NPu4Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\u4ffxtbr@Guffins.com: C:\Program Files\Guffins\bar\1.bin [2012/04/09 14:35:03 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Guffins) - {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:\Program Files\Guffins\bar\1.bin\u4bar.dll File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BBTC] C:\Program Files\Netopia\BBTC.exe (Netopia, Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] \HWSetup.exe hwSetUP File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN File not found
O13 - gopher Prefix: missing
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.8.05.cab (Bebo Uploader Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01BE60AE-95AA-4676-A8D8-5FAC68FE7B2B}: NameServer = 83.136.47.249 193.120.14.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79DC1939-276D-457D-8568-A2D0ED416C0A}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\robert\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\robert\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) -\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/03/20 18:20:32 | 000,027,750 | R--- | M] () -\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2009/11/17 15:01:12 | 000,000,047 | R--- | M] () -\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{05dc20ba-dfd7-11dd-81cd-001b38b612b4}\Shell - "" = AutoRun
O33 - MountPoints2\{05dc20ba-dfd7-11dd-81cd-001b38b612b4}\Shell\AutoRun\command - "" =\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2845c2bc-0b4e-11e0-a4aa-ea4d74ca0c80}\Shell - "" = AutoRun
O33 - MountPoints2\{2845c2bc-0b4e-11e0-a4aa-ea4d74ca0c80}\Shell\AutoRun\command - "" =\PcOptions.exe
O33 - MountPoints2\{2b979c75-128a-11e1-bfd6-9665d42a879f}\Shell - "" = AutoRun
O33 - MountPoints2\{2b979c75-128a-11e1-bfd6-9665d42a879f}\Shell\AutoRun\command - "" =\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2b979c92-128a-11e1-bfd6-9665d42a879f}\Shell - "" = AutoRun
O33 - MountPoints2\{2b979c92-128a-11e1-bfd6-9665d42a879f}\Shell\AutoRun\command - "" =\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{386f8515-8064-11e0-af60-c1eb9fda5597}\Shell - "" = AutoRun
O33 - MountPoints2\{386f8515-8064-11e0-af60-c1eb9fda5597}\Shell\AutoRun\command - "" =\WIN\setup.exe
O33 - MountPoints2\{49728b26-e6bb-11dc-baf5-001cbfaf51b4}\Shell - "" = AutoRun
O33 - MountPoints2\{49728b26-e6bb-11dc-baf5-001cbfaf51b4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4e81425d-307c-11e0-b4b3-af6f88655d60}\Shell - "" = AutoRun
O33 - MountPoints2\{4e81425d-307c-11e0-b4b3-af6f88655d60}\Shell\AutoRun\command - "" =\PcOptions.exe
O33 - MountPoints2\{520d8885-49f1-11de-a27f-001cbfaf51b4}\Shell - "" = AutoRun
O33 - MountPoints2\{520d8885-49f1-11de-a27f-001cbfaf51b4}\Shell\AutoRun\command - "" =\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6e42c716-4a7f-11e0-95bd-f8b21bf9b1b2}\Shell - "" = AutoRun
O33 - MountPoints2\{6e42c716-4a7f-11e0-95bd-f8b21bf9b1b2}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O33 - MountPoints2\{885319cf-f805-11dc-8f04-001cbfaf51b4}\Shell - "" = AutoRun
O33 - MountPoints2\{885319cf-f805-11dc-8f04-001cbfaf51b4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{885319d5-f805-11dc-8f04-001cbfaf51b4}\Shell - "" = AutoRun
O33 - MountPoints2\{885319d5-f805-11dc-8f04-001cbfaf51b4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{885319d6-f805-11dc-8f04-001cbfaf51b4}\Shell - "" = AutoRun
O33 - MountPoints2\{885319d6-f805-11dc-8f04-001cbfaf51b4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{885319d7-f805-11dc-8f04-001b38b612b4}\Shell - "" = AutoRun
O33 - MountPoints2\{885319d7-f805-11dc-8f04-001b38b612b4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{914a3fb0-a131-11de-92fc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{914a3fb0-a131-11de-92fc-806e6f6e6963}\Shell\AutoRun\command - "" =\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{92ab4484-fb6e-11dc-a995-001cbfaf51b4}\Shell - "" = AutoRun
O33 - MountPoints2\{92ab4484-fb6e-11dc-a995-001cbfaf51b4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a1fec229-8260-11e1-a648-ef7ebb24795c}\Shell - "" = AutoRun
O33 - MountPoints2\{a1fec229-8260-11e1-a648-ef7ebb24795c}\Shell\AutoRun\command - "" =\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a3cce0ca-e3a0-11e0-85cb-93c3226ee01b}\Shell - "" = AutoRun
O33 - MountPoints2\{a3cce0ca-e3a0-11e0-85cb-93c3226ee01b}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{a89299f6-8266-11e1-a667-9892e3100c21}\Shell - "" = AutoRun
O33 - MountPoints2\{a89299f6-8266-11e1-a667-9892e3100c21}\Shell\AutoRun\command - "" =\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{b3eabadf-8a3d-11e1-8da2-f8a7d817ff63}\Shell - "" = AutoRun
O33 - MountPoints2\{b3eabadf-8a3d-11e1-8da2-f8a7d817ff63}\Shell\AutoRun\command - "" =\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dc7f5392-9a55-11e0-8568-ea08778fb986}\Shell - "" = AutoRun
O33 - MountPoints2\{dc7f5392-9a55-11e0-8568-ea08778fb986}\Shell\AutoRun\command - "" = WIN\setup.exe
O33 - MountPoints2\{ed0e7e28-5adc-11e1-ac6a-a8638b6882f8}\Shell - "" = AutoRun
O33 - MountPoints2\{ed0e7e28-5adc-11e1-ac6a-a8638b6882f8}\Shell\AutoRun\command - "" =\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" =\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/07 08:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/05/07 08:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/04/29 18:58:39 | 000,000,000 | ---D | C] -- C:\Users\robert\Desktop\New Folder
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/27 17:42:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/27 15:38:54 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/27 15:38:54 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/27 11:26:56 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/27 11:26:56 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/27 11:22:21 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/13 20:47:36 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/12 19:01:01 | 000,162,304 | ---- | M] () -- C:\Users\robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/12 03:34:35 | 003,685,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/08 21:08:13 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/05/08 21:08:13 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/24 19:13:41 | 000,071,262 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2011/05/08 20:36:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/05/08 18:46:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/05/08 18:46:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/12/10 23:29:46 | 000,011,264 | ---- | C] () -- C:\Windows\System32\rockusbCoInstaller.dll
========== LOP Check ==========
[2012/04/09 18:16:43 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Birdstep Technology
[2009/08/30 11:01:14 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Canon
[2008/02/22 20:12:17 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Datalayer
[2011/03/15 23:24:24 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\DVDVideoSoft
[2010/02/01 18:21:09 | 000,000,000 | -HSD | M] -- C:\Users\robert\AppData\Roaming\lowsec
[2008/02/22 20:17:54 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Nokia
[2011/08/12 11:16:01 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Samsung
[2008/11/10 21:41:38 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\ScanSoft
[2011/05/17 18:28:38 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Sierra Wireless
[2008/02/22 08:23:47 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Template
[2008/02/22 10:32:53 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Toshiba
[2012/05/17 21:39:52 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\uTorrent
[2012/05/27 03:34:02 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
and the Extra.txt is....................
OTL Extras logfile created on: 27/05/2012 17:47:56 - Run 1
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\robert\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 52.32% Memory free
4.22 Gb Paging File | 2.86 Gb Available in Paging File | 67.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 14.34 Gb Free Space | 19.24% Space Free | Partition Type: NTFS
Drive | 25.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 73.06 Gb Total Space | 18.25 Gb Free Space | 24.98% Space Free | Partition Type: NTFS
Computer Name: ROBERT-PC | User Name: robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4B520DAA-2AD0-4E29-958B-991500911478}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{BB40A04C-AE05-48A4-BA52-35BA6D4BEE3C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D3CA71B8-E758-4F23-A77E-E43F36F508AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D9429E6-66F1-4C2E-8F1F-53E4F3657257}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{3C8260F5-BFD4-40E9-B744-C8EB967282F4}" = protocol=6 | dir=out | app=system |
"{4623A832-5A7A-4CF1-9B39-5C975B728009}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7347287D-63CD-442A-8D31-7A229E051B03}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8B25EC34-8525-4EC5-9CF6-EC9EB06246BC}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{93198BA8-7A36-4161-9787-C0C3A5401BD6}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{C7E26FB3-618D-4683-817B-E814924CCBE6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CC33959E-EF0C-485C-9377-56A1296BFC8C}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{F4044C1C-A085-4827-929B-A29402D76832}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{F7073182-CFB6-426F-9BDB-50F46B7C9915}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"TCP Query User{A9D975F8-A9F4-4090-9F0B-65C664FE3726}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{1437AFF9-27B6-45F3-B98E-FC6ABF3C9C29}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP220_series" = Canon MP220 series
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1CD64B13-AA47-458B-ACE2-85FC13EDD183}" = GoGear SA2MXX Device Manager
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43D2A1DD-69C9-4E86-8F51-4890A6263863}" = VTech® Photo Editor
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65C3253A-E984-4769-BC33-CBC8F059C408}" = Video Grabber
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C8426BED-2442-4EC1-B538-533A10B3CE79}" = GoGear SA2MXX Device Manager
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP220 series User Registration" = Canon MP220 series User Registration
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free RAR Extract Frog 1.00" = Free RAR Extract Frog 1.00
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Huawei Modems" = Huawei modem
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"myphotobook" = myphotobook 3.1
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"YInstHelper" = Yahoo! Install Manager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 24/05/2012 17:41:08 | Computer Name = robert-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 25/05/2012 11:47:05 | Computer Name = robert-PC | Source = RasClient | ID = 20227
Description =
Error - 25/05/2012 11:47:05 | Computer Name = robert-PC | Source = RasClient | ID = 20227
Description =
Error - 26/05/2012 06:54:09 | Computer Name = robert-PC | Source = RasClient | ID = 20227
Description =
Error - 26/05/2012 06:57:20 | Computer Name = robert-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 26/05/2012 06:57:23 | Computer Name = robert-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 26/05/2012 22:04:23 | Computer Name = robert-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1310 Start Time: 01cd3b92f6384800 Termination Time: 64
Error - 26/05/2012 22:32:29 | Computer Name = robert-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 12b8 Start Time: 01cd3bad092827e0 Termination Time: 38
Error - 27/05/2012 08:14:53 | Computer Name = robert-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 27/05/2012 08:14:54 | Computer Name = robert-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
[ System Events ]
Error - 24/05/2012 15:23:56 | Computer Name = robert-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 25/05/2012 11:46:35 | Computer Name = robert-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 25/05/2012 11:46:35 | Computer Name = robert-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 25/05/2012 11:46:35 | Computer Name = robert-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 26/05/2012 18:37:54 | Computer Name = robert-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 26/05/2012 18:37:54 | Computer Name = robert-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 26/05/2012 22:33:31 | Computer Name = robert-PC | Source = DCOM | ID = 10010
Description =
Error - 27/05/2012 06:24:21 | Computer Name = robert-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 27/05/2012 06:24:21 | Computer Name = robert-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 27/05/2012 10:38:52 | Computer Name = robert-PC | Source = Service Control Manager | ID = 7011
Description =
< End of report >0 -
-
its definitely malware, I'd format whatever USB key you been using lately too as its probably causing your infection.
This is a password stealer so change all your passwords
[2010/02/01 18:21:09 | 000,000,000 | -HSD | M] -- C:\Users\robert\AppData\Roaming\lowsec
open OTL paste this in the custom scan/fixes box
:OTL
O32 - AutoRun File - [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) -\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/03/20 18:20:32 | 000,027,750 | R--- | M] () -\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2009/11/17 15:01:12 | 000,000,047 | R--- | M] () -\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{05dc20ba-dfd7-11dd-81cd-001b38b612b4}\Shell - "" = AutoRun
O33 - MountPoints2\{05dc20ba-dfd7-11dd-81cd-001b38b612b4}\Shell\AutoRun\command - "" =\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2845c2bc-0b4e-11e0-a4aa-ea4d74ca0c80}\Shell - "" = AutoRun
O33 - MountPoints2\{2845c2bc-0b4e-11e0-a4aa-ea4d74ca0c80}\Shell\AutoRun\command - "" =\PcOptions.exe
O33 - MountPoints2\{2b979c75-128a-11e1-bfd6-9665d42a879f}\Shell - "" = AutoRun
O33 - MountPoints2\{2b979c75-128a-11e1-bfd6-9665d42a879f}\Shell\AutoRun\command - "" =\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2b979c92-128a-11e1-bfd6-9665d42a879f}\Shell - "" = AutoRun
O33 - MountPoints2\{2b979c92-128a-11e1-bfd6-9665d42a879f}\Shell\AutoRun\command - "" =\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{386f8515-8064-11e0-af60-c1eb9fda5597}\Shell - "" = AutoRun
O33 - MountPoints2\{386f8515-8064-11e0-af60-c1eb9fda5597}\Shell\AutoRun\command - "" =\WIN\setup.exe
O33 - MountPoints2\{49728b26-e6bb-11dc-baf5-001cbfaf51b4}\Shell - "" = AutoRun
O33 - MountPoints2\{49728b26-e6bb-11dc-baf5-001cbfaf51b4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4e81425d-307c-11e0-b4b3-af6f88655d60}\Shell - "" = AutoRun
O33 - MountPoints2\{4e81425d-307c-11e0-b4b3-af6f88655d60}\Shell\AutoRun\command - "" =\PcOptions.exe
O33 - MountPoints2\{520d8885-49f1-11de-a27f-001cbfaf51b4}\Shell - "" = AutoRun
O33 - MountPoints2\{520d8885-49f1-11de-a27f-001cbfaf51b4}\Shell\AutoRun\command - "" =\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6e42c716-4a7f-11e0-95bd-f8b21bf9b1b2}\Shell - "" = AutoRun
O33 - MountPoints2\{6e42c716-4a7f-11e0-95bd-f8b21bf9b1b2}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O33 - MountPoints2\{885319cf-f805-11dc-8f04-001cbfaf51b4}\Shell - "" = AutoRun
O33 - MountPoints2\{885319cf-f805-11dc-8f04-001cbfaf51b4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{885319d5-f805-11dc-8f04-001cbfaf51b4}\Shell - "" = AutoRun
O33 - MountPoints2\{885319d5-f805-11dc-8f04-001cbfaf51b4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{885319d6-f805-11dc-8f04-001cbfaf51b4}\Shell - "" = AutoRun
O33 - MountPoints2\{885319d6-f805-11dc-8f04-001cbfaf51b4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{885319d7-f805-11dc-8f04-001b38b612b4}\Shell - "" = AutoRun
O33 - MountPoints2\{885319d7-f805-11dc-8f04-001b38b612b4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{914a3fb0-a131-11de-92fc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{914a3fb0-a131-11de-92fc-806e6f6e6963}\Shell\AutoRun\command - "" =\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{92ab4484-fb6e-11dc-a995-001cbfaf51b4}\Shell - "" = AutoRun
O33 - MountPoints2\{92ab4484-fb6e-11dc-a995-001cbfaf51b4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a1fec229-8260-11e1-a648-ef7ebb24795c}\Shell - "" = AutoRun
O33 - MountPoints2\{a1fec229-8260-11e1-a648-ef7ebb24795c}\Shell\AutoRun\command - "" =\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a3cce0ca-e3a0-11e0-85cb-93c3226ee01b}\Shell - "" = AutoRun
O33 - MountPoints2\{a3cce0ca-e3a0-11e0-85cb-93c3226ee01b}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{a89299f6-8266-11e1-a667-9892e3100c21}\Shell - "" = AutoRun
O33 - MountPoints2\{a89299f6-8266-11e1-a667-9892e3100c21}\Shell\AutoRun\command - "" =\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{b3eabadf-8a3d-11e1-8da2-f8a7d817ff63}\Shell - "" = AutoRun
O33 - MountPoints2\{b3eabadf-8a3d-11e1-8da2-f8a7d817ff63}\Shell\AutoRun\command - "" =\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dc7f5392-9a55-11e0-8568-ea08778fb986}\Shell - "" = AutoRun
O33 - MountPoints2\{dc7f5392-9a55-11e0-8568-ea08778fb986}\Shell\AutoRun\command - "" = WIN\setup.exe
O33 - MountPoints2\{ed0e7e28-5adc-11e1-ac6a-a8638b6882f8}\Shell - "" = AutoRun
O33 - MountPoints2\{ed0e7e28-5adc-11e1-ac6a-a8638b6882f8}\Shell\AutoRun\command - "" =\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" =\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
[2010/02/01 18:21:09 | 000,000,000 | -HSD | M] -- C:\Users\robert\AppData\Roaming\lowsec
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{93198BA8-7A36-4161-9787-C0C3A5401BD6}"=-
:Commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[EMPTYJAVA]
[CREATERESTOREPOINT]
[Reboot]
:Files
ipconfig /flushdns /c
click run fix, reboot, click Quick Scan and post the log it gives.0 -
Advertisement
-
Thanks very much, really appreciate your help......
OTL logfile created on: 27/05/2012 19:59:42 - Run 2
OTL by OldTimer - Version 3.2.43.2 Folder = c:\Users\robert\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.62% Memory free
4.21 Gb Paging File | 3.05 Gb Available in Paging File | 72.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 16.38 Gb Free Space | 21.98% Space Free | Partition Type: NTFS
Drive | 25.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 73.06 Gb Total Space | 18.25 Gb Free Space | 24.98% Space Free | Partition Type: NTFS
Computer Name: ROBERT-PC | User Name: robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/27 17:45:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- c:\Users\robert\Downloads\OTL.exe
PRC - [2012/05/08 21:08:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 21:08:12 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 21:08:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/08 21:08:12 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/12/01 22:23:08 | 000,119,296 | ---- | M] (KeenHigh Tech.) -- C:\Program Files\Philips\GoGear SA2MXX Device Manager\main.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/19 12:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/09/03 11:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/07/20 20:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007/07/10 09:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
PRC - [2007/06/19 15:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007/05/22 16:32:52 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2007/04/13 07:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/04/03 17:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/04/03 16:52:22 | 000,509,496 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007/03/29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 10:39:00 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 13:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/02/04 13:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/11/13 09:06:54 | 000,413,696 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2006/11/06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
PRC - [2006/10/05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2005/12/16 00:22:54 | 000,282,624 | ---- | M] (Netopia, Inc.) -- C:\Program Files\Netopia\BBTC.exe
========== Modules (No Company Name) ==========
MOD - [2012/05/12 03:40:49 | 000,519,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\0e606bf82d2f7b70ec6eee715d7676a6\TCrdMain.ni.exe
MOD - [2012/05/12 03:38:43 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a2d7aedd03b751d7deeb0241dd155cf1\System.Windows.Forms.ni.dll
MOD - [2012/05/12 03:38:30 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8e570c5f18e55fccde0a07f8c9c8adcf\System.Drawing.ni.dll
MOD - [2012/05/12 03:38:05 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0f7309f83321b1f50ebe92aa11d57d23\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 03:38:03 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ecfab65255b449c9c9beb29ebe53bd6b\PresentationFramework.ni.dll
MOD - [2012/05/12 03:37:44 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\28e1dc39dae658f1269e67ec8e7fed27\PresentationCore.ni.dll
MOD - [2012/05/12 03:37:27 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\f2b14f85472552ea6535220f2a20b7fd\WindowsBase.ni.dll
MOD - [2012/05/12 03:37:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e4994021feec7384cb3b6d83bd71145e\System.ni.dll
MOD - [2012/05/12 03:37:08 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a5ac4d35c45d3a97c485dcfe804771a\mscorlib.ni.dll
MOD - [2007/09/13 08:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/12/01 18:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2006/11/09 18:27:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/11/08 19:08:30 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2006/11/06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
MOD - [2006/10/10 11:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - [2012/05/08 21:08:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 21:08:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/11/16 17:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/19 12:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/04/13 07:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/03/29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TpChoice.sys -- (TpChoice)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swumx20.sys -- (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/05/08 21:08:13 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 21:08:13 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/15 15:46:44 | 000,863,616 | ---- | M] (ITE Technologies ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF9035HB.sys -- (AF9035HB)
DRV - [2010/03/09 17:36:18 | 000,080,680 | ---- | M] (Fuzhou Rockchip Electronics Co,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rockusb.sys -- (rockusb)
DRV - [2009/09/10 13:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/24 14:51:38 | 000,101,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/07/22 16:44:18 | 000,148,992 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumxa3.sys -- (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3)
DRV - [2009/07/22 16:44:04 | 000,197,504 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8ua3.sys -- (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3)
DRV - [2007/09/26 14:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/07/26 17:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/04/30 06:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/03/06 15:01:04 | 000,014,848 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\CplIR.sys -- (CplIR)
DRV - [2007/01/24 13:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2007/01/18 15:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/28 08:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/11/02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006/10/23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/05 22:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/08/30 09:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/07/28 16:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005/04/18 00:30:04 | 000,052,864 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CnxTrUsb.sys -- (CnxTrUsb)
DRV - [2005/04/18 00:30:04 | 000,025,984 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CnxTrLan.sys -- (CnxTrLan)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.startpagey.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagey.com
IE - HKLM\..\SearchScopes,DefaultScope = {369CBA93-E539-4721-8421-463DE70A90BE}
IE - HKLM\..\SearchScopes\{369CBA93-E539-4721-8421-463DE70A90BE}: "URL" = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKLM\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm014YYie&ptb=D92BF074-C228-45FC-B6C5-37AC39D3C914&psa=&ind=2011092112&ptnrS=YJxdm014YYie&si=CKTnwIOLnasCFcSCDgodazP6kg&st=sb&n=77ded490&searchfor={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.startpagey.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ie/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {369CBA93-E539-4721-8421-463DE70A90BE}
IE - HKCU\..\SearchScopes\{369CBA93-E539-4721-8421-463DE70A90BE}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm014YYie&ptb=D92BF074-C228-45FC-B6C5-37AC39D3C914&psa=&ind=2011091411&ptnrS=YJxdm014YYie&si=CKTnwIOLnasCFcSCDgodazP6kg&st=sb&n=77ded1d3&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=UT2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Guffins.com/Plugin: C:\Program Files\Guffins\bar\1.bin\NPu4Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\u4ffxtbr@Guffins.com: C:\Program Files\Guffins\bar\1.bin [2012/04/09 14:35:03 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Guffins) - {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:\Program Files\Guffins\bar\1.bin\u4bar.dll File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BBTC] C:\Program Files\Netopia\BBTC.exe (Netopia, Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] \HWSetup.exe hwSetUP File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN File not found
O13 - gopher Prefix: missing
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.8.05.cab (Bebo Uploader Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01BE60AE-95AA-4676-A8D8-5FAC68FE7B2B}: NameServer = 83.136.47.249 193.120.14.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79DC1939-276D-457D-8568-A2D0ED416C0A}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\robert\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\robert\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) -\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/03/20 18:20:32 | 000,027,750 | R--- | M] () -\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2009/11/17 15:01:12 | 000,000,047 | R--- | M] () -\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/27 19:47:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/07 08:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/05/07 08:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/04/29 18:58:39 | 000,000,000 | ---D | C] -- C:\Users\robert\Desktop\New Folder
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/27 19:57:10 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/27 19:57:10 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/27 19:56:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/27 19:56:49 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/27 11:26:56 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/27 11:26:56 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/13 20:47:36 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/12 19:01:01 | 000,162,304 | ---- | M] () -- C:\Users\robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/12 03:34:35 | 003,685,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/08 21:08:13 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/05/08 21:08:13 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/24 19:13:41 | 000,071,262 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2011/05/08 20:36:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/05/08 18:46:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/05/08 18:46:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/12/10 23:29:46 | 000,011,264 | ---- | C] () -- C:\Windows\System32\rockusbCoInstaller.dll
========== LOP Check ==========
[2012/04/09 18:16:43 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Birdstep Technology
[2009/08/30 11:01:14 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Canon
[2008/02/22 20:12:17 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Datalayer
[2011/03/15 23:24:24 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\DVDVideoSoft
[2008/02/22 20:17:54 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Nokia
[2011/08/12 11:16:01 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Samsung
[2008/11/10 21:41:38 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\ScanSoft
[2011/05/17 18:28:38 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Sierra Wireless
[2008/02/22 08:23:47 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Template
[2008/02/22 10:32:53 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Toshiba
[2012/05/17 21:39:52 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\uTorrent
[2012/05/27 03:34:02 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >0 -
open OTL, paste this in the custom scan box
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.startpagey.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagey.com
IE - HKLM\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/mywebs...r={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.startpagey.com
IE - HKLM\..\SearchScopes,DefaultScope = {369CBA93-E539-4721-8421-463DE70A90BE}
IE - HKCU\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askR...=1&toolbar=UT2
O32 - AutoRun File - [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) -\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/03/20 18:20:32 | 000,027,750 | R--- | M] () -\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2009/11/17 15:01:12 | 000,000,047 | R--- | M] () -\AUTORUN.INF -- [ CDFS ]
:Commands
[clearallrestorepoints]
Click Run Fix, reboot the PC, play around with it and tell me if the problem persists.0 -
done....:)
OTL logfile created on: 27/05/2012 21:34:21 - Run 3
OTL by OldTimer - Version 3.2.43.2 Folder = c:\Users\robert\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.42% Memory free
4.21 Gb Paging File | 3.08 Gb Available in Paging File | 73.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 16.74 Gb Free Space | 22.46% Space Free | Partition Type: NTFS
Drive | 25.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 73.06 Gb Total Space | 18.25 Gb Free Space | 24.98% Space Free | Partition Type: NTFS
Computer Name: ROBERT-PC | User Name: robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/27 17:45:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- c:\Users\robert\Downloads\OTL.exe
PRC - [2012/05/08 21:08:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 21:08:12 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 21:08:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/08 21:08:12 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/12/01 22:23:08 | 000,119,296 | ---- | M] (KeenHigh Tech.) -- C:\Program Files\Philips\GoGear SA2MXX Device Manager\main.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/19 12:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/09/03 11:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/07/20 20:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007/07/10 09:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
PRC - [2007/06/19 15:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007/05/22 16:32:52 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2007/04/13 07:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/04/03 17:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/04/03 16:52:22 | 000,509,496 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007/03/29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 10:39:00 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 13:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/02/04 13:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/11/13 09:06:54 | 000,413,696 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2006/11/06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
PRC - [2006/10/05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2005/12/16 00:22:54 | 000,282,624 | ---- | M] (Netopia, Inc.) -- C:\Program Files\Netopia\BBTC.exe
========== Modules (No Company Name) ==========
MOD - [2012/05/12 03:40:49 | 000,519,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\0e606bf82d2f7b70ec6eee715d7676a6\TCrdMain.ni.exe
MOD - [2012/05/12 03:38:43 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a2d7aedd03b751d7deeb0241dd155cf1\System.Windows.Forms.ni.dll
MOD - [2012/05/12 03:38:30 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8e570c5f18e55fccde0a07f8c9c8adcf\System.Drawing.ni.dll
MOD - [2012/05/12 03:38:05 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0f7309f83321b1f50ebe92aa11d57d23\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 03:38:03 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ecfab65255b449c9c9beb29ebe53bd6b\PresentationFramework.ni.dll
MOD - [2012/05/12 03:37:44 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\28e1dc39dae658f1269e67ec8e7fed27\PresentationCore.ni.dll
MOD - [2012/05/12 03:37:27 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\f2b14f85472552ea6535220f2a20b7fd\WindowsBase.ni.dll
MOD - [2012/05/12 03:37:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e4994021feec7384cb3b6d83bd71145e\System.ni.dll
MOD - [2012/05/12 03:37:08 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a5ac4d35c45d3a97c485dcfe804771a\mscorlib.ni.dll
MOD - [2007/09/13 08:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/12/01 18:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2006/11/09 18:27:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/11/08 19:08:30 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2006/11/06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
MOD - [2006/10/10 11:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - [2012/05/08 21:08:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 21:08:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/11/16 17:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/19 12:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/04/13 07:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/03/29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TpChoice.sys -- (TpChoice)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swumx20.sys -- (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/05/08 21:08:13 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 21:08:13 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/15 15:46:44 | 000,863,616 | ---- | M] (ITE Technologies ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF9035HB.sys -- (AF9035HB)
DRV - [2010/03/09 17:36:18 | 000,080,680 | ---- | M] (Fuzhou Rockchip Electronics Co,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rockusb.sys -- (rockusb)
DRV - [2009/09/10 13:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/24 14:51:38 | 000,101,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/07/22 16:44:18 | 000,148,992 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumxa3.sys -- (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3)
DRV - [2009/07/22 16:44:04 | 000,197,504 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8ua3.sys -- (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3)
DRV - [2007/09/26 14:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/07/26 17:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/04/30 06:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/03/06 15:01:04 | 000,014,848 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\CplIR.sys -- (CplIR)
DRV - [2007/01/24 13:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2007/01/18 15:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/28 08:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/11/02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006/10/23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/05 22:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/08/30 09:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/07/28 16:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005/04/18 00:30:04 | 000,052,864 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CnxTrUsb.sys -- (CnxTrUsb)
DRV - [2005/04/18 00:30:04 | 000,025,984 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CnxTrLan.sys -- (CnxTrLan)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{369CBA93-E539-4721-8421-463DE70A90BE}: "URL" = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ie/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {369CBA93-E539-4721-8421-463DE70A90BE}
IE - HKCU\..\SearchScopes\{369CBA93-E539-4721-8421-463DE70A90BE}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Guffins.com/Plugin: C:\Program Files\Guffins\bar\1.bin\NPu4Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\u4ffxtbr@Guffins.com: C:\Program Files\Guffins\bar\1.bin [2012/04/09 14:35:03 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Guffins) - {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:\Program Files\Guffins\bar\1.bin\u4bar.dll File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BBTC] C:\Program Files\Netopia\BBTC.exe (Netopia, Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] \HWSetup.exe hwSetUP File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN File not found
O13 - gopher Prefix: missing
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.8.05.cab (Bebo Uploader Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79DC1939-276D-457D-8568-A2D0ED416C0A}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\robert\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\robert\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) -\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/03/20 18:20:32 | 000,027,750 | R--- | M] () -\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2009/11/17 15:01:12 | 000,000,047 | R--- | M] () -\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/27 19:47:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/07 08:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/05/07 08:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/04/29 18:58:39 | 000,000,000 | ---D | C] -- C:\Users\robert\Desktop\New Folder
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/27 21:32:13 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/27 21:32:13 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/27 21:32:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/27 21:31:55 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/27 20:04:27 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/27 20:04:27 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/13 20:47:36 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/12 19:01:01 | 000,162,304 | ---- | M] () -- C:\Users\robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/12 03:34:35 | 003,685,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/08 21:08:13 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/05/08 21:08:13 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/24 19:13:41 | 000,071,262 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2011/05/08 20:36:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/05/08 18:46:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/05/08 18:46:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/12/10 23:29:46 | 000,011,264 | ---- | C] () -- C:\Windows\System32\rockusbCoInstaller.dll
========== LOP Check ==========
[2012/04/09 18:16:43 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Birdstep Technology
[2009/08/30 11:01:14 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Canon
[2008/02/22 20:12:17 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Datalayer
[2011/03/15 23:24:24 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\DVDVideoSoft
[2008/02/22 20:17:54 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Nokia
[2011/08/12 11:16:01 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Samsung
[2008/11/10 21:41:38 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\ScanSoft
[2011/05/17 18:28:38 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Sierra Wireless
[2008/02/22 08:23:47 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Template
[2008/02/22 10:32:53 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Toshiba
[2012/05/17 21:39:52 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\uTorrent
[2012/05/27 21:30:56 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >0 -
-
-
Advertisement
-
-
-
Advertisement