Hi nunped & thanks for reviewing my logs & also helping me.
A quick update before I post the logs you requested.
When I turned the PC on tonight, Windows Update ran & offered me 51 updates available to download. I have not done that yet as I wanted to hear what you have to say about it. Should I go ahead & download them now or wait until I am hopefully clean? Anyway, onto the logs you wanted.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Robyn on 23/12/2013 at 20:16:35.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\regwork
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\freecauseurlsearchhook.fctoolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\freecauseurlsearchhook.fctoolbarurlsearchhook.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\freecause
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1ae46c09-2ab8-4ee5-88fb-08cd0ff7f2df}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000061465.FCTB000061465Pos
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000061465.FCTB000061465Pos.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000061465.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000061465.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000061465.FCTB000061465Pos
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000061465.FCTB000061465Pos.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000061465.IEToolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000061465.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000061465.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000061465.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}
~~~ Files
Successfully deleted: [File] C:\Windows\Tasks\regwork.job
Successfully deleted: [File] C:\Windows\system32\sho7C52.tmp
~~~ Folders
Successfully deleted: [Folder] C:\Users\Robyn\AppData\LocalLow\FCTB000061465
Successfully deleted: [Folder] "C:\ProgramData\regwork"
Successfully deleted: [Folder] "C:\Users\Robyn\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\Robyn\appdata\locallow\boost_interprocess"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/12/2013 at 20:21:19.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SystemLook 04.09.10 by jpshortstuff
Log created at 20:28 on 23/12/2013 by Robyn
Administrator - Elevation successful
========== filefind ==========
Searching for "*Fun4IM*"
No files found.
Searching for "*Bandoo*"
No files found.
Searching for "*Searchqu*"
No files found.
Searching for "*iLivid*"
No files found.
Searching for "*whitesmoke*"
No files found.
Searching for "*datamngr*"
C:\Users\Robyn\AppData\Local\Temp\jrt\datamngr_del.reg --a---- 386 bytes [20:15 23/12/2013] [03:41 22/08/2013] 95F42A3D43416D3BB978F174C83F494C
Searching for "*trolltech*"
No files found.
Searching for "*safesearch*"
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\325A5VG0\safesearch_net[2].htm --a---- 7807 bytes [09:17 29/05/2013] [09:18 29/05/2013] 38C682CAA6EDD987839A50BA126824EB
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6D3GVLSV\safesearch[1].net --a---- 0 bytes [14:56 22/09/2013] [14:56 22/09/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6D3GVLSV\safesearch_net[1].htm --a---- 7807 bytes [14:51 15/08/2013] [14:52 15/08/2013] BA3FFBD84A9D435BBF842AE85C1B7A7B
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6D3GVLSV\safesearch_net[2].htm --a---- 0 bytes [13:02 22/09/2013] [13:02 22/09/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6D3GVLSV\safesearch_net[3].htm --a---- 0 bytes [14:56 22/09/2013] [14:56 22/09/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6D3GVLSV\safesearch_net[4].htm --a---- 8086 bytes [14:56 06/10/2013] [14:56 06/10/2013] 46BC2721F48B65160AF2159AB1B7C3D7
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6D3GVLSV\safesearch_net[5].htm --a---- 0 bytes [15:35 06/10/2013] [15:35 06/10/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6D3GVLSV\safesearch_net[6].htm --a---- 0 bytes [15:35 06/10/2013] [15:35 06/10/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6D3GVLSV\safesearch_net[7].htm --a---- 0 bytes [23:53 21/12/2013] [23:53 21/12/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZK1FO7J\safesearch-net-removal[1].htm --a---- 40178 bytes [08:30 22/12/2013] [08:30 22/12/2013] C42CE351B2E587D1E2B0B21DF5A0889F
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZK1FO7J\safesearch_net[1].htm --a---- 0 bytes [12:12 08/09/2013] [12:12 08/09/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\745JQNGM\safesearch_net[2].htm --a---- 7807 bytes [14:03 30/07/2013] [14:03 30/07/2013] BA3FFBD84A9D435BBF842AE85C1B7A7B
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7HOBS0A4\safesearch_net[1].htm --a---- 7807 bytes [15:29 16/07/2013] [15:29 16/07/2013] BA3FFBD84A9D435BBF842AE85C1B7A7B
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7HOBS0A4\safesearch_net[2].htm --a---- 7807 bytes [18:48 24/07/2013] [18:52 24/07/2013] BA3FFBD84A9D435BBF842AE85C1B7A7B
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7Y8W9BSH\safesearch_net[1].htm --a---- 7807 bytes [07:23 13/06/2013] [07:24 13/06/2013] 38C682CAA6EDD987839A50BA126824EB
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7Y8W9BSH\safesearch_net[2].htm --a---- 0 bytes [12:51 13/06/2013] [12:51 13/06/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DI7069CD\safesearch_net[1].htm --a---- 7807 bytes [18:28 10/06/2013] [18:30 10/06/2013] 38C682CAA6EDD987839A50BA126824EB
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAPZC85E\safesearch_net[1].htm --a---- 7807 bytes [11:10 30/05/2013] [11:11 30/05/2013] 38C682CAA6EDD987839A50BA126824EB
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAPZC85E\safesearch_net[2].htm --a---- 7807 bytes [18:33 18/06/2013] [18:35 18/06/2013] 38C682CAA6EDD987839A50BA126824EB
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAPZC85E\safesearch_net[4].htm --a---- 7807 bytes [18:39 18/06/2013] [18:40 18/06/2013] 38C682CAA6EDD987839A50BA126824EB
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAPZC85E\safesearch_net[5].htm --a---- 7807 bytes [18:39 18/06/2013] [18:40 18/06/2013] 38C682CAA6EDD987839A50BA126824EB
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAPZC85E\safesearch_net[6].htm --a---- 7807 bytes [18:39 18/06/2013] [18:40 18/06/2013] 38C682CAA6EDD987839A50BA126824EB
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P4SSF3GQ\safesearch_net[1].htm --a---- 7807 bytes [09:39 07/09/2013] [09:39 07/09/2013] BA3FFBD84A9D435BBF842AE85C1B7A7B
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P4SSF3GQ\safesearch_net[2].htm --a---- 7807 bytes [09:49 07/09/2013] [09:50 07/09/2013] BA3FFBD84A9D435BBF842AE85C1B7A7B
C:\Users\Robyn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\6N1J6845\safesearch[1].net --a---- 66 bytes [11:23 09/03/2013] [11:26 09/03/2013] ECA8CC1975EF30102D912E19374F5B78
C:\Users\Robyn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\6N1J6845\safesearch_net[1].htm --a---- 7206 bytes [11:21 09/03/2013] [11:26 09/03/2013] C5ECFE080DAAB9D958E3AA079245585E
Searching for "*nectar*"
No files found.
========== folderfind ==========
Searching for "*Fun4IM*"
No folders found.
Searching for "*Bandoo*"
No folders found.
Searching for "*Searchqu*"
No folders found.
Searching for "*iLivid*"
No folders found.
Searching for "*whitesmoke*"
No folders found.
Searching for "*datamngr*"
No folders found.
Searching for "*trolltech*"
No folders found.
Searching for "*safesearch*"
No folders found.
Searching for "*nectar*"
C:\Program Files\Nectar Search Toolbar d------ [19:58 21/05/2013]
C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nectar Search Toolbar d------ [19:58 21/05/2013]
========== Regfind ==========
Searching for "Fun4IM"
No data found.
Searching for "Bandoo"
No data found.
Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
Searching for "iLivid"
No data found.
Searching for "whitesmoke"
No data found.
Searching for "datamngr"
No data found.
Searching for "kelkoopartners"
No data found.
Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QStyleFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QStyleFactoryInterface:]
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QTextCodecFactoryInterface:]
Searching for "safesearch"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\SafeSearch]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\SafeSearch\domains]
"www.safesearch.net"="safesearch.net|green|Safe"
[HKEY_CURRENT_USER\Software\AVSoftware\SafeSearch]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="safesearch.net"
[HKEY_LOCAL_MACHINE\SOFTWARE\AVSoftware\SafeSearch]
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\AppDataLow\Software\SafeSearch]
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\AppDataLow\Software\SafeSearch\domains]
"www.safesearch.net"="safesearch.net|green|Safe"
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\AVSoftware\SafeSearch]
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="safesearch.net"
Searching for "nectar"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FCTB000061465\Layouts\61465]
@="Nectar Search Toolbar"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FCTB000061465\Toolbar]
"toolbar_name"="Nectar Search Toolbar"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FCTB000061465\Toolbar]
"firstURL"="http://www.nectar.com/collect/toolbar/thankyou.points"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FCTB000061465\Toolbar]
"toolbar_version"="Nectar Search Toolbar 1.703.3"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FCTB000061465\Toolbar]
"AutoSearch"="http://uk.search.yahoo.com/search?ourmark=3&ei=utf-8&fr=nectar-tb-v2&slv8-&type=%toolid&p=%s"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\SafeSearch\domains]
"www.nectar.com"="nectar.com|green|OK"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68b9bf52-98b4-4bba-b725-4ba3d6268f99}]
"AppPath"="C:\Program Files\Nectar Search Toolbar"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Nectar Search Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2549B5EE-B8B6-4F73-BBE3-59298A8CE2EE}\InprocServer32]
@="C:\Program Files\Nectar Search Toolbar\Toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8020143D-5926-4394-A04D-DD0B649DA121}]
@="Nectar Search Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8020143D-5926-4394-A04D-DD0B649DA121}\InprocServer32]
@="C:\Program Files\Nectar Search Toolbar\Toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADA2AC0D-15C6-4611-BA5D-5B0A8B52FD6D}\InprocServer32]
@="C:\Program Files\Nectar Search Toolbar\Helper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7C2F0D8-2209-4693-A15D-5A537211D48B}]
@="Nectar Search Toolbar BHO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7C2F0D8-2209-4693-A15D-5A537211D48B}\InprocServer32]
@="C:\Program Files\Nectar Search Toolbar\Toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{22466F1F-0B10-41B0-A971-3A28599AA7C7}\1.0\0\win32]
@="C:\Program Files\Nectar Search Toolbar\Toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{22466F1F-0B10-41B0-A971-3A28599AA7C7}\1.0\HELPDIR]
@="C:\Program Files\Nectar Search Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8021825B-2FBA-43AA-8FC9-1289DCD80B76}\1.0\0\win32]
@="C:\Program Files\Nectar Search Toolbar\Helper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8021825B-2FBA-43AA-8FC9-1289DCD80B76}\1.0\HELPDIR]
@="C:\Program Files\Nectar Search Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68b9bf52-98b4-4bba-b725-4ba3d6268f99}]
"AppPath"="C:\Program Files\Nectar Search Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nectar Search Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nectar Search Toolbar]
"DisplayName"="Nectar Search Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nectar Search Toolbar]
"DisplayIcon"="C:\Program Files\Nectar Search Toolbar\Uninst.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nectar Search Toolbar]
"UninstallString"="C:\Program Files\Nectar Search Toolbar\Uninst.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{424529D3-F551-4C1E-A7D9-076CE25BD3CC}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Nectar Search Toolbar\TroubleShooter.exe|Name=Nectar Search Toolbar (Helper)|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14B1A2D8-BDDB-4027-B239-5B05008E35A2}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Nectar Search Toolbar\TroubleShooter.exe|Name=Nectar Search Toolbar (Helper)|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet084\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{424529D3-F551-4C1E-A7D9-076CE25BD3CC}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Nectar Search Toolbar\TroubleShooter.exe|Name=Nectar Search Toolbar (Helper)|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet084\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14B1A2D8-BDDB-4027-B239-5B05008E35A2}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Nectar Search Toolbar\TroubleShooter.exe|Name=Nectar Search Toolbar (Helper)|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{424529D3-F551-4C1E-A7D9-076CE25BD3CC}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Nectar Search Toolbar\TroubleShooter.exe|Name=Nectar Search Toolbar (Helper)|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14B1A2D8-BDDB-4027-B239-5B05008E35A2}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Nectar Search Toolbar\TroubleShooter.exe|Name=Nectar Search Toolbar (Helper)|Edge=FALSE|"
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\AppDataLow\Software\FCTB000061465\Layouts\61465]
@="Nectar Search Toolbar"
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\AppDataLow\Software\FCTB000061465\Toolbar]
"toolbar_name"="Nectar Search Toolbar"
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\AppDataLow\Software\FCTB000061465\Toolbar]
"firstURL"="http://www.nectar.com/collect/toolbar/thankyou.points"
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\AppDataLow\Software\FCTB000061465\Toolbar]
"toolbar_version"="Nectar Search Toolbar 1.703.3"
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\AppDataLow\Software\FCTB000061465\Toolbar]
"AutoSearch"="http://uk.search.yahoo.com/search?ourmark=3&ei=utf-8&fr=nectar-tb-v2&slv8-&type=%toolid&p=%s"
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\AppDataLow\Software\SafeSearch\domains]
"www.nectar.com"="nectar.com|green|OK"
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68b9bf52-98b4-4bba-b725-4ba3d6268f99}]
"AppPath"="C:\Program Files\Nectar Search Toolbar"
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Nectar Search Toolbar]
-= EOF =-
OTL logfile created on: 23/12/2013 20:43:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robyn\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.93 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 61.15% Memory free
6.07 Gb Paging File | 4.84 Gb Available in Paging File | 79.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.12 Gb Total Space | 145.37 Gb Free Space | 65.15% Space Free | Partition Type: NTFS
Computer Name: ROBYN-PC | User Name: Robyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/12/23 20:03:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robyn\Desktop\Desktop\OTL.exe
PRC - [2013/12/21 22:37:49 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/21 22:37:49 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/05 19:34:42 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/07/23 01:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
PRC - [2013/07/23 01:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.EXE
PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/04/15 15:18:00 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
PRC - [2009/04/15 15:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe
PRC - [2009/04/15 15:17:56 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/02 07:31:34 | 001,552,497 | ---- | M] (Suyin) -- C:\Program Files\VideoWebCamera\VideoWebCamera.exe
PRC - [2009/03/18 08:46:30 | 001,160,736 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
PRC - [2009/03/09 23:53:08 | 000,250,624 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2009/03/09 23:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009/02/19 03:42:50 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/11/06 03:53:58 | 000,474,168 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2008/10/17 09:44:58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/08/28 23:20:22 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Hidfind.exe
PRC - [2008/01/21 02:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
========== Modules (No Company Name) ==========
MOD - [2013/12/21 22:37:51 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/12/05 19:36:56 | 003,559,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 23:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/03/01 20:54:46 | 000,040,960 | ---- | M] () -- C:\Program Files\VideoWebCamera\Utility.dll
MOD - [2009/02/01 21:28:14 | 000,460,199 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
MOD - [2009/01/12 15:11:40 | 000,626,688 | ---- | M] () -- C:\Program Files\VideoWebCamera\Image.dll
MOD - [2003/06/07 21:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
========== Services (SafeList) ==========
SRV - [2013/12/21 22:37:49 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/07/23 01:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/07/23 01:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/06/02 09:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/04/15 15:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/03/11 20:43:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/09 23:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/12/21 22:37:53 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/12/21 22:37:53 | 000,410,528 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/12/21 22:37:53 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/12/21 22:37:53 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/12/21 22:37:53 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/12/21 22:37:53 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/12/21 22:37:53 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/03/17 18:28:50 | 000,452,096 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/01/10 03:38:36 | 000,190,512 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/12/29 22:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/09/22 13:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/09/04 04:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.google.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.comIE - HKLM\..\SearchScopes,DefaultScope = {4B51C980-C6B0-11E1-9136-AED16088709B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" =
http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.google.com
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
http://www.google.com/ie
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.com
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\..\URLSearchHook: {ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d} - C:\Program Files\Nectar Search Toolbar\Helper.dll ()
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\..\SearchScopes\{1D0568E9-E764-44B6-BBED-17CE69183499}: "URL" =
http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_en
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" =
http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/09 20:17:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/12/21 22:37:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013/12/22 10:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robyn\AppData\Roaming\Mozilla\Extensions
[2013/12/22 10:21:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/22 10:21:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/21 22:37:54 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Nectar Search Toolbar BHO) - {B7C2F0D8-2209-4693-A15D-5A537211D48B} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Nectar Search Toolbar) - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" File not found
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\..\Toolbar\WebBrowser: (Nectar Search Toolbar) - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PLFSetI] C:\Program Files\PLFSetI.exe File not found
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2735283499-926857205-4134287148-1000..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Acer Incorporated)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O7 - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2}
http://bq.kp.2020.net/planner/Core/Play ... _Win32.cab (20-20 3D Viewer)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968}
http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4}
http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A78465FB-FD0C-4F33-A52F-FADC92B59617}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - AppInit_DLLs: (AVGRSSTX.DLL) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Robyn\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Robyn\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/12/23 20:16:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/23 19:45:18 | 000,000,000 | R--D | C] -- C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2013/12/22 12:27:32 | 000,000,000 | ---D | C] -- C:\Users\Robyn\Desktop\Desktop
[2013/12/22 11:01:50 | 000,230,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/12/22 10:21:38 | 000,000,000 | ---D | C] -- C:\Users\Robyn\AppData\Roaming\Mozilla
[2013/12/22 10:21:38 | 000,000,000 | ---D | C] -- C:\Users\Robyn\AppData\Local\Mozilla
[2013/12/22 10:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/22 09:50:36 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/12/22 08:14:32 | 000,000,000 | ---D | C] -- C:\Users\Robyn\AppData\Roaming\SUPERAntiSpyware.com
[2013/12/22 08:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/12/22 08:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/12/22 08:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/12/22 07:54:45 | 000,000,000 | ---D | C] -- C:\Users\Robyn\AppData\Roaming\Malwarebytes
[2013/12/22 07:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/22 07:54:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/22 07:54:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/12/22 07:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/12/22 07:15:46 | 001,414,440 | ---- | C] (Nero AG) -- C:\Windows\System32\ShellManager310E2D762.dll
[2013/12/21 22:59:43 | 000,000,000 | ---D | C] -- C:\Users\Robyn\AppData\Roaming\AVAST Software
[2013/12/21 22:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/12/21 22:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
========== Files - Modified Within 30 Days ==========
[2013/12/23 20:42:52 | 000,000,562 | ---- | M] () -- C:\Users\Robyn\Desktop\SystemLook - Shortcut (2).lnk
[2013/12/23 20:14:56 | 000,000,521 | ---- | M] () -- C:\Users\Robyn\Desktop\OTL - Shortcut.lnk
[2013/12/23 20:14:48 | 000,000,562 | ---- | M] () -- C:\Users\Robyn\Desktop\SystemLook - Shortcut.lnk
[2013/12/23 20:14:41 | 000,000,521 | ---- | M] () -- C:\Users\Robyn\Desktop\JRT - Shortcut.lnk
[2013/12/23 19:52:28 | 000,609,640 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/23 19:52:28 | 000,108,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/23 19:44:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/23 19:44:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/23 19:44:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/23 19:44:40 | 3146,612,736 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/22 12:49:43 | 078,300,634 | ---- | M] () -- C:\Users\Robyn\Desktop\cmponents.reg
[2013/12/22 10:21:31 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/12/22 09:42:54 | 000,306,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/12/22 08:14:30 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/12/22 08:00:47 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/22 07:14:46 | 000,001,024 | ---- | M] () -- C:\Users\Robyn\.rnd
[2013/12/22 07:14:10 | 000,000,000 | ---- | M] () -- C:\Windows\Irremote.ini
[2013/12/21 22:38:04 | 000,001,875 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/12/21 22:38:04 | 000,001,356 | ---- | M] () -- C:\Users\Robyn\AppData\Local\d3d9caps.dat
[2013/12/21 22:37:53 | 000,775,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/12/21 22:37:53 | 000,410,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/12/21 22:37:53 | 000,180,248 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/12/21 22:37:53 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/12/21 22:37:53 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/12/21 22:37:53 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/12/21 22:37:53 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/12/21 22:37:52 | 000,270,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/12/21 22:37:52 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/12/21 22:36:18 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/12/21 22:33:09 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/12/21 22:33:08 | 000,027,136 | ---- | M] () -- C:\Users\Robyn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/26 12:25:54 | 000,230,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
========== Files Created - No Company Name ==========
[2013/12/23 20:42:52 | 000,000,562 | ---- | C] () -- C:\Users\Robyn\Desktop\SystemLook - Shortcut (2).lnk
[2013/12/23 20:14:56 | 000,000,521 | ---- | C] () -- C:\Users\Robyn\Desktop\OTL - Shortcut.lnk
[2013/12/23 20:14:48 | 000,000,562 | ---- | C] () -- C:\Users\Robyn\Desktop\SystemLook - Shortcut.lnk
[2013/12/23 20:14:41 | 000,000,521 | ---- | C] () -- C:\Users\Robyn\Desktop\JRT - Shortcut.lnk
[2013/12/22 12:49:37 | 078,300,634 | ---- | C] () -- C:\Users\Robyn\Desktop\cmponents.reg
[2013/12/22 10:21:31 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/12/22 10:21:31 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/12/22 08:14:30 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/12/22 07:54:10 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/22 07:15:46 | 000,773,120 | ---- | C] () -- C:\Windows\System32\NEROINSTAEC43759.DB
[2013/12/22 07:14:44 | 000,001,024 | ---- | C] () -- C:\Users\Robyn\.rnd
[2013/12/22 07:14:10 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2013/12/22 06:32:06 | 3146,612,736 | -HS- | C] () -- C:\hiberfil.sys
[2013/12/21 22:33:09 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013/03/20 20:07:33 | 000,180,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/20 20:07:33 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/01/18 12:34:47 | 000,000,258 | RHS- | C] () -- C:\Users\Robyn\ntuser.pol
[2012/02/18 22:48:25 | 000,000,081 | ---- | C] () -- C:\Users\Robyn\CTX.DAT
[2010/03/06 12:49:19 | 000,004,670 | ---- | C] () -- C:\Users\Robyn\AppData\Roaming\wklnhst.dat
[2010/01/11 20:31:38 | 000,001,356 | ---- | C] () -- C:\Users\Robyn\AppData\Local\d3d9caps.dat
[2009/10/15 21:16:09 | 000,027,136 | ---- | C] () -- C:\Users\Robyn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
OTL Extras logfile created on: 23/12/2013 20:43:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robyn\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.93 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 61.15% Memory free
6.07 Gb Paging File | 4.84 Gb Available in Paging File | 79.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.12 Gb Total Space | 145.37 Gb Free Space | 65.15% Space Free | Partition Type: NTFS
Computer Name: ROBYN-PC | User Name: Robyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4A506057-5F24-4953-ACA4-806443882324}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A27E7E53-60A1-4C80-84FE-57CB1759E051}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E444C548-0F94-4575-8003-EF2FBF8AD55B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1175B3B5-3AF5-4514-A147-FD3BF48B0C26}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{14B1A2D8-BDDB-4027-B239-5B05008E35A2}" = protocol=17 | dir=in | app=c:\program files\nectar search toolbar\troubleshooter.exe |
"{35FD9824-7A6D-42C6-888D-9167FFAA9C79}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{3D6C2454-DDE2-4A1E-90CB-D7B10AA7261F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{424529D3-F551-4C1E-A7D9-076CE25BD3CC}" = protocol=6 | dir=in | app=c:\program files\nectar search toolbar\troubleshooter.exe |
"{5ED598F9-7189-44B8-9E1D-C5E416C9CCE1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6D57E7F6-7B60-44A5-B729-CAB927EB6746}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7303EEEE-902D-4BD0-9C0D-1FB4DEF67D20}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{AF9986AB-E034-4899-8FE2-99D41EE1F5EC}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"{D4294A24-A857-4F39-9406-E7176608B1D5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F19CB24F-2781-4480-9C39-A1600F9BEE66}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F8B05436-DB95-46CF-B2DB-F26F51CA960B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{B52265A4-ECA4-4ECB-8251-636E5A72DD76}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{86EEB1A8-B7CD-4CB5-B188-7C5A751B918C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell PowerSave Solution
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"avast" = avast! Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"DivX Setup" = DivX Setup
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX100_TX100 User’s Guide" = EPSON Stylus SX100_TX100 Manual
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"Infocenter" = Infocenter
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"Nectar Search Toolbar" = Nectar Search Toolbar
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Packard Bell Customer Registration" = Packard Bell Customer Registration
"PackardBell Screensaver" = PackardBell ScreenSaver
"SetUpMyPC" = SetUpMyPC
"Updator" = Updator
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ OSession Events ]
Error - 20/07/2012 08:59:53 | Computer Name = Robyn-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 90
seconds with 0 seconds of active time. This session ended with a crash.
< End of report >