Laptop has slowed up and frequent crashing "windows explorer"


  • This topic is locked

#1
kev123

Hi,


I originally posted in the Vista help forum; however, I was told by a staff member to post here first to ensure malware was not the issue. He has asked me to check for a clean bill of health. I will post all logs soon :)

Thank you very much... The situation is described below...



Basically I have had my work laptop for some while now; however, the problems have seemed to get more frequent, and instead of getting it re-imaged and having to reinstall and restore all my work, it would be best if I could solve this issue with some help please.

I can use my laptop; however, it frequently locks up with the infamous Vista blue circle of doom. I have to click the task bar at the bottom where the clock, battery indicators etc. are located, and then a message appears: "windows explorer has crashed". If I press restart the prog or close it, then my laptop starts working again until the next crash... and then I do the same thing again. It's really slowed up the laptop and I'm wondering if someone could help me with a solution. Could it be malware? Or my work's image they have loaded? Could it be some errors in the registry?

Hope that makes sense..

Any help would be great

Thanks in advance.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3951

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

04/04/2010 01:01:46
mbam-log-2010-04-04 (01-01-46).txt

Scan type: Quick scan
Objects scanned: 168820
Time elapsed: 20 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hi,

I tried the GMER rootkit scan a few times and it crashed, then randomly got the blue screen of death! So then I tried OTL scan and it finished but then when I was trying to copy the logs I yet again got the blue screen :s


So can anyone tell me where to get the OTL logs, does it auto save the log?

I finally got GMER to work but had to run it in safe mode; hope that doesn't make a difference?

I have posted the log below...



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-04 12:21:55
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\s00klt\AppData\Local\Temp\kfloypog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x15 0x8C 0xC6 0x82 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x40 0x03 0x4A 0x1E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE8 0x85 0xF4 0xC4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xE8 0x85 0xF4 0xC4 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x15 0x8C 0xC6 0x82 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x40 0x03 0x4A 0x1E ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE8 0x85 0xF4 0xC4 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xE8 0x85 0xF4 0xC4 ...

---- EOF - GMER 1.0.15 ----

Edited by ldtate, 04 April 2010 - 06:37 AM.

#2
kev123

Found the OTL log files:

OTL logfile created on: 04/04/2010 01:17:44 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = \\dcan-nas1\staff\S00KLT\Downloads
Windows Vista Enterprise Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 33.81 Gb Free Space | 30.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 111.79 Gb Total Space | 33.81 Gb Free Space | 30.25% Space Free | Partition Type: CSC-CACHE
I: Drive not present or media not loaded

Computer Name: M700-KLT
Current User Name: S00KLT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/04 01:16:35 | 000,561,664 | ---- | M] (OldTimer Tools) -- \\dcan-nas1\staff\S00KLT\Downloads\OTL.exe
PRC - [2010/03/19 23:24:19 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\s00klt\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/02/25 17:25:52 | 001,295,592 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/02/25 17:25:52 | 000,779,496 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2009/10/28 22:22:49 | 000,080,936 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2009/10/11 05:17:45 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/07/02 08:12:40 | 000,245,760 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2009/07/02 08:12:40 | 000,172,032 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2009/04/11 07:28:15 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009/04/11 07:28:06 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/02 11:59:52 | 000,266,240 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
PRC - [2009/04/02 11:59:45 | 000,794,624 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
PRC - [2008/11/18 15:32:58 | 000,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2008/11/18 14:08:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/10/24 16:24:14 | 000,144,816 | ---- | M] (NetSupport Ltd) -- C:\Program Files\Ranger Remote Control\runplugin.exe
PRC - [2008/10/24 16:23:48 | 000,030,128 | ---- | M] (NetSupport Ltd) -- C:\Program Files\Ranger Remote Control\client32.exe
PRC - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/10/14 22:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/09/28 22:07:12 | 000,704,512 | ---- | M] (AuthenTec, Inc) -- C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
PRC - [2008/09/04 10:17:24 | 000,159,744 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Program Files\TrueSuite Access Manager\CssSvr.exe
PRC - [2008/09/03 17:20:14 | 003,152,384 | ---- | M] (Arachnoid Biometrics Identification Group) -- C:\Program Files\TrueSuite Access Manager\PwdBank.exe
PRC - [2008/09/02 08:06:00 | 000,049,152 | ---- | M] (AuthenTec Inc.) -- C:\Windows\System32\TAMSvr.exe
PRC - [2008/08/29 13:53:36 | 000,532,776 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2008/08/29 13:53:36 | 000,095,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2008/07/25 16:41:56 | 000,094,208 | ---- | M] () -- C:\Program Files\TrueSuite Access Manager\usbnotify.exe
PRC - [2008/05/23 20:07:44 | 002,569,544 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2008/05/23 17:07:00 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008/05/22 23:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008/05/19 18:43:20 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2008/05/13 19:45:04 | 000,357,704 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2008/05/13 04:12:00 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/04/25 12:31:32 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2008/04/22 22:35:44 | 000,218,504 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\ngtray.exe
PRC - [2008/04/22 22:35:42 | 000,673,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\ngctw32.exe
PRC - [2008/04/15 00:05:40 | 002,979,144 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008/03/31 20:08:50 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2008/01/19 00:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 00:33:14 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2007/12/04 14:49:16 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/12/03 15:17:04 | 000,509,888 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007/11/07 13:44:14 | 000,337,784 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Button Disable\TBD.exe
PRC - [2007/10/23 16:00:20 | 000,562,488 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe
PRC - [2007/10/11 18:02:56 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2007/10/11 18:02:38 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/10/11 14:02:02 | 000,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2007/09/28 17:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007/07/20 21:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007/06/27 13:28:42 | 000,436,088 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2007/06/19 16:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/10/31 20:56:52 | 000,151,216 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Accelerometer Utilities\TAcelMgr\TAcelMgr.exe
PRC - [2006/10/31 20:55:44 | 000,057,008 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Accelerometer Utilities\Shaker\TSkrMain.exe
PRC - [2006/10/31 19:12:54 | 000,691,888 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe


========== Modules (SafeList) ==========

MOD - [2010/04/04 01:16:35 | 000,561,664 | ---- | M] (OldTimer Tools) -- \\dcan-nas1\staff\S00KLT\Downloads\OTL.exe
MOD - [2010/02/03 13:18:48 | 000,496,872 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2009/09/02 19:46:39 | 000,195,072 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll
MOD - [2009/04/11 07:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009/04/11 07:28:23 | 002,226,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
MOD - [2009/04/11 07:28:18 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
MOD - [2009/04/11 07:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 00:36:00 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
MOD - [2006/11/02 10:46:04 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/25 17:25:52 | 000,779,496 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2009/10/28 22:22:49 | 000,080,936 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/02 08:12:40 | 000,172,032 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/04/02 11:59:52 | 000,266,240 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2009/04/02 11:59:45 | 000,794,624 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2008/11/18 15:32:58 | 000,098,304 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2008/11/18 14:08:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/24 16:23:48 | 000,030,128 | ---- | M] (NetSupport Ltd) [Auto | Running] -- C:\Program Files\Ranger Remote Control\client32.exe -- (Client32)
SRV - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/09/02 08:06:00 | 000,049,152 | ---- | M] (AuthenTec Inc.) [Auto | Running] -- C:\Windows\System32\TAMSvr.exe -- (Authentec memory manager)
SRV - [2008/08/29 13:53:36 | 000,095,528 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2008/05/22 23:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/04/22 22:35:42 | 000,673,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Ghost\ngctw32.exe -- (NGCLIENT)
SRV - [2008/01/19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/04 14:49:16 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/10/23 16:00:20 | 000,562,488 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2007/10/11 18:02:38 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://intranet.dja...y.notts.sch.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://gateway.djanogly.notts.sch.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://gateway.djanogly.notts.sch.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FD 26 EA 88 A7 B1 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = gateway.djanogly.notts.sch.uk;intranet.djanogly.notts.sch.uk;eportal.djanogly.notts.sch.uk;10.10.1.50;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.djanogly.notts.sch.uk:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft..../?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.2
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.20
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.7
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..keyword.URL: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..network.proxy.backup.ftp: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/07/20 00:04:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/10 00:16:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/10 00:16:29 | 000,000,000 | ---D | M]

[2009/07/04 22:20:51 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\mozilla\Extensions
[2009/03/10 00:57:16 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/04/03 11:43:16 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions
[2010/01/12 23:00:17 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/07/04 22:23:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/23 12:48:34 | 000,000,000 | ---D | M] (WOT) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/02/10 00:29:10 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/01/17 21:38:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/23 12:48:35 | 000,000,000 | ---D | M] (Answers) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2010/01/07 15:21:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/10 00:29:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/02/10 00:29:09 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\[email protected]
[2009/11/29 12:52:26 | 000,000,564 | ---- | M] () -- C:\Users\s00klt\AppData\Roaming\Mozilla\FireFox\Profiles\xqo04olt.default\searchplugins\bing.xml
[2010/04/03 11:43:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/21 06:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/02/10 00:16:23 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/02/10 00:16:23 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/02/10 00:16:23 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/02/10 00:16:23 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Button Disable] C:\Program Files\TOSHIBA\TOSHIBA Button Disable\TBD.exe (TOSHIBA)
O4 - HKLM..\Run: [FingerPrintNotifer] C:\Program Files\TrueSuite Access Manager\FpNotifier.exe (AuthenTec, Inc)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe File not found
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [NGTray] C:\Program Files\Symantec\Ghost\ngtray.exe (Symantec Corporation)
O4 - HKLM..\Run: [PwdBank] C:\Program Files\TrueSuite Access Manager\PwdBank.exe (Arachnoid Biometrics Identification Group)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\TOSHIBA Accelerometer Utilities\TAcelMgr\TAcelMgr.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\Windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosAutLk] C:\Program Files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe ()
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRot.exe] C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSkrMain] C:\Program Files\TOSHIBA\TOSHIBA Accelerometer Utilities\Shaker\TSkrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UsbMonitor] C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident\4.0; File not found
O4 - Startup: C:\Users\s00klt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 2 = Date/Time
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 3 = Fax
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 4 = Folder Options
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 5 = Game Controllers
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 6 = Intel® PROSet
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 7 = Mail
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 8 = Scheduled Tasks
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 9 = Toshiba HWSetup
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 10 = Toshiba Mobile Extension
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 11 = Users and Passwords
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 12 = Wireless Network
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 13 = Yamaha AC-XG
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O13 - gopher Prefix: missing
O16 - DPF: {74233DB3-F72F-44EA-94DC-258A624037E6} https://intranet.dja...lib/VSFlex8.CAB (ComponentOne FlexGrid 8.0 (UNICODE Light))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://edexcel.webe...ng/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = djanogly.notts.sch.uk
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\s00klt\Desktop\KLT\My Pictures\Picture1.jpg
O24 - Desktop BackupWallPaper: C:\Users\s00klt\Desktop\KLT\My Pictures\Picture1.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{047ece0b-07fe-11de-bcfb-00037a8bfa7b}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{2321fa75-ce1d-11de-85e5-00037a8bfa7b}\Shell - "" = AutoRun
O33 - MountPoints2\{2321fa75-ce1d-11de-85e5-00037a8bfa7b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8e21eafb-87ae-11de-869f-00215c359f57}\Shell\AutoRun\command - "" = E:\WD_Windows_Tools\Setup.exe -- File not found
O33 - MountPoints2\{9f66adbd-8076-11de-8b64-00037a8bfa7b}\Shell - "" = AutoRun
O33 - MountPoints2\{9f66adbd-8076-11de-8b64-00037a8bfa7b}\Shell\AutoRun\command - "" = D:\NokiaPCIA_Autorun.exe -- File not found
O33 - MountPoints2\{ed62a557-1d2b-11df-b22b-001c7e7cf2a8}\Shell\AutoRun\command - "" = D:\Setup.now.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/11/19 15:11:28 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/04/04 00:33:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/04 00:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/02 15:35:05 | 000,000,000 | ---D | C] -- C:\Users\s00klt\Desktop\film
[2010/03/24 14:12:27 | 000,000,000 | --SD | C] -- \\dcan-nas1\staff\S00KLT\SharePoint Drafts

========== Files - Modified Within 14 Days ==========

[2010/04/04 01:16:49 | 004,980,736 | -HS- | M] () -- C:\Users\s00klt\NTUSER.DAT
[2010/04/04 01:13:36 | 000,708,438 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/04 01:13:36 | 000,612,050 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/04 01:13:36 | 000,110,722 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/04 01:07:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/04 01:07:00 | 000,005,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/04 01:07:00 | 000,005,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/04 01:06:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/04 01:06:45 | 3209,555,968 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/04 01:06:43 | 373,796,791 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/04 01:06:42 | 000,000,008 | ---- | M] () -- C:\Windows\System32\pcisys.ntk
[2010/04/04 00:29:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1682526488-682003330-24134UA.job
[2010/04/03 23:53:17 | 000,000,858 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1682526488-682003330-24134Core.job
[2010/04/03 23:48:28 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BABF0C7D-0C96-483C-AFF7-C35A049052ED}.job
[2010/04/03 23:48:09 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\Mobile.job
[2010/04/01 19:40:05 | 000,209,920 | ---- | M] () -- C:\Users\s00klt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/01 16:48:23 | 000,524,288 | -HS- | M] () -- C:\Users\s00klt\NTUSER.DAT{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000001.regtrans-ms
[2010/04/01 16:48:23 | 000,065,536 | -HS- | M] () -- C:\Users\s00klt\NTUSER.DAT{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TM.blf
[2010/04/01 16:47:44 | 003,252,837 | -H-- | M] () -- C:\Users\s00klt\AppData\Local\IconCache.db
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/29 14:47:05 | 000,000,288 | ---- | M] () -- \\dcan-nas1\staff\S00KLT\TenQQ.ini
[2010/03/25 17:36:38 | 000,091,143 | ---- | M] () -- C:\Users\s00klt\Desktop\TOI.pdf
[2010/03/25 11:37:36 | 000,000,821 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk

========== Files Created - No Company Name ==========

[2010/04/04 01:12:43 | 000,293,376 | ---- | C] () -- C:\Users\s00klt\Desktop\gmer.exe
[2010/03/25 17:36:38 | 000,091,143 | ---- | C] () -- C:\Users\s00klt\Desktop\TOI.pdf
[2010/02/19 17:25:53 | 000,000,264 | ---- | C] () -- C:\Windows\{F6FD021A-39D8-4224-94BB-D01BB5316A3A}_WiseFW.ini
[2010/02/10 23:56:33 | 000,000,264 | ---- | C] () -- C:\Windows\{02FC8EFD-692D-49FB-96FA-0CA20E53FD3B}_WiseFW.ini
[2010/01/27 19:15:35 | 000,001,783 | ---- | C] () -- C:\Users\s00klt\AppData\Local\DreamCalc DC4S.dat
[2010/01/14 15:55:44 | 000,000,093 | ---- | C] () -- C:\Windows\LOGO.INI
[2010/01/12 14:23:38 | 000,004,096 | -H-- | C] () -- C:\Users\s00klt\AppData\Local\keyfile3.drm
[2009/12/28 21:27:50 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/12/24 12:11:06 | 000,001,065 | ---- | C] () -- C:\Windows\Winamp.ini
[2009/12/24 12:11:00 | 000,000,041 | ---- | C] () -- C:\Windows\winampa.ini
[2009/09/16 09:12:59 | 000,000,125 | ---- | C] () -- C:\Windows\olltwitflashcard.ini
[2009/09/09 16:28:21 | 000,000,786 | ---- | C] () -- C:\Windows\exampro32.ini
[2009/09/09 16:28:17 | 000,536,576 | ---- | C] () -- C:\Windows\System32\Tx32.dll
[2009/09/09 16:28:17 | 000,000,478 | ---- | C] () -- C:\Windows\System32\ic32.ini
[2009/08/25 08:39:07 | 000,000,271 | ---- | C] () -- C:\Windows\ricdb.ini
[2009/07/27 09:44:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/05 18:50:51 | 000,000,098 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2009/06/01 14:49:39 | 000,009,216 | ---- | C] () -- C:\Windows\System32\ddvdd.dll
[2009/06/01 14:49:39 | 000,007,072 | ---- | C] () -- C:\Windows\System32\drivers\ddnt.sys
[2009/04/13 16:00:15 | 000,000,680 | ---- | C] () -- C:\Users\s00klt\AppData\Local\d3d9caps.dat
[2009/01/06 10:20:05 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008/12/19 15:19:11 | 000,209,920 | ---- | C] () -- C:\Users\s00klt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/19 13:32:53 | 000,027,852 | RHS- | C] () -- C:\Users\s00klt\ntuser.pol
[2008/12/19 13:32:46 | 000,524,288 | -HS- | C] () -- C:\Users\s00klt\NTUSER.DAT{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000002.regtrans-ms
[2008/12/19 13:32:46 | 000,524,288 | -HS- | C] () -- C:\Users\s00klt\NTUSER.DAT{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000001.regtrans-ms
[2008/12/19 13:32:46 | 000,262,144 | -H-- | C] () -- C:\Users\s00klt\ntuser.dat.LOG1
[2008/12/19 13:32:46 | 000,065,536 | -HS- | C] () -- C:\Users\s00klt\NTUSER.DAT{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TM.blf
[2008/12/19 13:32:46 | 000,000,020 | -HS- | C] () -- C:\Users\s00klt\ntuser.ini
[2008/12/19 13:32:46 | 000,000,000 | -H-- | C] () -- C:\Users\s00klt\ntuser.dat.LOG2
[2008/12/19 13:32:45 | 004,980,736 | -HS- | C] () -- C:\Users\s00klt\NTUSER.DAT
[2008/11/20 10:44:49 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/11/20 10:44:48 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2008/11/20 10:44:45 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/11/20 10:44:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/20 10:44:44 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/20 10:44:41 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/11/20 10:44:41 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/11/19 14:46:34 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/11/19 10:41:35 | 000,036,918 | ---- | C] () -- C:\Windows\System32\pcimsg.dll
[2008/11/19 10:41:35 | 000,020,542 | ---- | C] () -- C:\Windows\System32\pcivdd.dll
[2008/11/19 09:45:21 | 000,000,290 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/11/18 17:03:23 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/11/18 14:14:49 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/11/18 13:23:19 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/11/18 13:02:27 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/11/18 13:02:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/11/18 13:02:27 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/11/18 13:02:27 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/11/18 11:14:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1272.dll
[2008/11/18 11:09:13 | 000,006,546 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 19:48:00 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/12/21 17:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/22 22:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003/03/24 06:03:00 | 000,279,552 | ---- | C] () -- C:\Windows\System32\FGWVB32.DLL
[2002/10/17 17:16:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\TOSMgmt.dll
[2002/09/24 13:19:02 | 000,053,760 | ---- | C] () -- C:\Windows\System32\DD32.dll

========== LOP Check ==========

[2009/11/10 15:44:44 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\Canneverbe_Limited
[2009/12/28 21:37:37 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\DAEMON Tools Lite
[2010/01/27 19:14:15 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\GetRightToGo
[2009/04/27 11:08:30 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\Hermitech Laboratory
[2009/07/20 00:07:57 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\Nokia
[2009/07/20 00:08:05 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\PC Suite
[2009/08/17 09:54:33 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\PhoneRemoteControl
[2009/01/05 13:27:08 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\Ranger
[2009/02/27 00:12:35 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\Schoolhouse Technologies
[2009/03/10 00:57:14 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\TomTom
[2009/02/22 20:30:07 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\toshiba
[2010/02/07 17:43:43 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\Trusteer
[2010/01/17 21:43:37 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\Uniblue
[2009/12/09 16:46:00 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\webex
[2009/09/05 15:41:22 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\WTouch
[2010/04/03 23:48:09 | 000,000,530 | ---- | M] () -- C:\Windows\Tasks\Mobile.job
[2010/04/01 16:48:19 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/04/03 23:48:28 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BABF0C7D-0C96-483C-AFF7-C35A049052ED}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/11/18 11:49:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/11/18 11:49:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/11/18 11:49:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/19 00:43:02 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/19 00:43:02 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys
[2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2009/04/11 07:28:25 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/12/28 21:27:50 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:9F652F80
< End of report >

#3
kev123

OTL Extras logfile created on: 04/04/2010 01:17:44 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = \\dcan-nas1\staff\S00KLT\Downloads
Windows Vista Enterprise Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 33.81 Gb Free Space | 30.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 111.79 Gb Total Space | 33.81 Gb Free Space | 30.25% Space Free | Partition Type: CSC-CACHE
I: Drive not present or media not loaded

Computer Name: M700-KLT
Current User Name: S00KLT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{447D0060-B21D-4EA2-9F31-839E61C5E321}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8989DB56-0A77-49A5-897E-D9913D8CF171}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{92A2D3AA-C627-4CFD-96BA-346B2904A286}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{C455B1C0-FEAA-44C8-A40A-9462A7E4EC1A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C98ECD5D-7C33-415E-9275-E6736BFD1087}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{CA123308-431B-4AA6-85DF-DD32BC40F672}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{F5F301B6-34A1-43CC-B429-1116C9E05CC1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F78D4466-11E8-4BE2-97A5-6169E08BF42E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{FB198770-5E26-4D29-8EDC-8D9C1A0610C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09F73C92-4804-40BE-801B-790B46614036}" = protocol=6 | dir=in | app=c:\program files\wordwall 2\wordwall.exe |
"{15234B7F-8A92-44C0-B2CE-ECF92F9C2A9A}" = protocol=17 | dir=in | app=c:\program files\ranger remote control\client32.exe |
"{1BA361EA-EB6E-4B53-8D4E-20D80B7811C1}" = protocol=17 | dir=in | app=c:\program files\ranger remote control\pcinssui.exe |
"{366AEB91-E147-4659-AFE9-05BC6B838883}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{47FA63E4-0E63-41F1-A717-EAC2A6FC78A3}" = protocol=6 | dir=in | app=c:\program files\ranger remote control\pcinssui.exe |
"{5A61162E-E2FA-4365-97DB-BA389CFBAB91}" = protocol=17 | dir=in | app=c:\program files\symantec\ghost\ngctw32.exe |
"{5DAF8EF0-E70A-4188-AFD0-4C03BC4FE093}" = protocol=6 | dir=in | app=c:\program files\ranger remote control\pcinssui.exe |
"{691B6203-93CC-4738-8556-5F4BFB076FFD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6EFB4F39-93C7-4E65-975C-E83A983E3DF5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{726FC362-E36D-469D-8F18-B8EE94740437}" = protocol=6 | dir=in | app=c:\program files\symantec\ghost\ngctw32.exe |
"{796AD625-D19E-459B-BCCD-1F853AA4EA36}" = protocol=6 | dir=in | app=c:\program files\ranger remote control\pcinsscd.exe |
"{82EF8995-E3E2-4116-9A89-40BE992EE86E}" = protocol=17 | dir=in | app=c:\program files\wordwall 2\wordwall.exe |
"{83590B93-8892-4789-A981-7BF2EE86686C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{84FE9797-32A2-4B16-82E6-F79AEECB9079}" = protocol=6 | dir=in | app=c:\program files\symantec\ghost\ngctw32.exe |
"{8D0C74AD-87BD-4AA1-AA87-84FF20800B14}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{90F0830C-E35E-44CD-93B3-4807E4203D45}" = protocol=17 | dir=in | app=c:\program files\ranger remote control\client32.exe |
"{A03419D6-2E75-4CAF-99C1-C463A8566801}" = protocol=6 | dir=in | app=c:\program files\ranger remote control\pcinsscd.exe |
"{AFA7C7B7-A86A-4C95-82A3-F0122A37ADBD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B02BD11C-02C6-4707-8ECD-905228373BA8}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{B0E02EFF-034A-4827-B9B2-92C0D6A40FDE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B256D29F-EB3B-4A0C-875D-5F7A02EACC93}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B4677BA0-FCA5-4996-BD74-174F12B5EB3E}" = protocol=6 | dir=in | app=c:\program files\ranger remote control\client32.exe |
"{BBFBED6C-E80C-4B08-A7D3-CB4CB83FFC0D}" = protocol=17 | dir=in | app=c:\program files\ranger remote control\pcinsscd.exe |
"{BE826143-558E-48B9-B47D-2FDA9555A653}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{BE8EB415-0DF6-45A9-B1AF-A29214FA8395}" = protocol=17 | dir=in | app=c:\program files\wordwall 2\wordwall.exe |
"{BF3AF9EB-37FF-43B8-850D-FF7D8CB7C4F6}" = protocol=17 | dir=in | app=c:\program files\ranger remote control\pcinsscd.exe |
"{CE2B86E7-892E-4692-AC8C-4B6619CDEE6F}" = protocol=17 | dir=in | app=c:\program files\ranger remote control\pcinssui.exe |
"{D8439E89-1C68-4E1E-8214-AB3DBB6F1C18}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E5E53603-26D8-4469-98D8-EF1531CEF943}" = protocol=6 | dir=in | app=c:\program files\wordwall 2\wordwall.exe |
"{FBC8FB04-3D1E-4BDC-9CA1-63AEB9E89A71}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FDEA4A05-B856-48D2-A74D-A458CB649DC2}" = protocol=17 | dir=in | app=c:\program files\symantec\ghost\ngctw32.exe |
"{FEDC13F6-6FC4-4CE3-AC80-661838CC0848}" = protocol=6 | dir=in | app=c:\program files\ranger remote control\client32.exe |
"TCP Query User{73883EEF-0912-4BC0-B6F4-2F33C094B9C4}C:\program files\psiloc\wirelesspresenter\psilocwirelesspresenterdesktop.exe" = protocol=6 | dir=in | app=c:\program files\psiloc\wirelesspresenter\psilocwirelesspresenterdesktop.exe |
"TCP Query User{9A6F9FFF-8979-43E5-8177-CBA35FC9F960}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{AFC618E5-E3BA-4936-857D-3E66FE0B7A78}C:\program files\phonepoint\phonepoint.exe" = protocol=6 | dir=in | app=c:\program files\phonepoint\phonepoint.exe |
"TCP Query User{C260998A-F44D-413E-906B-0850324EC869}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{DE0EFED7-3CA9-4F78-8AED-F9560A4F5F6D}C:\program files\phonepoint\phonepoint.exe" = protocol=6 | dir=in | app=c:\program files\phonepoint\phonepoint.exe |
"TCP Query User{E44E44A1-CFBA-4865-BDFE-C19BA0A1CE26}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{59E7F463-D1CB-44BB-81CF-42E70D3E6B4E}C:\program files\psiloc\wirelesspresenter\psilocwirelesspresenterdesktop.exe" = protocol=17 | dir=in | app=c:\program files\psiloc\wirelesspresenter\psilocwirelesspresenterdesktop.exe |
"UDP Query User{5E97158F-033F-45C1-9E61-745590071E1D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{703F3607-DBB9-4602-A95F-D9DC6453BD89}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{8F162AFF-5E6B-4254-B60E-39760A2AD68E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{97029D01-B983-4B39-B6C9-A2AEA94EA9D1}C:\program files\phonepoint\phonepoint.exe" = protocol=17 | dir=in | app=c:\program files\phonepoint\phonepoint.exe |
"UDP Query User{EF00D503-9B3F-48FF-941D-373D0BEB69A7}C:\program files\phonepoint\phonepoint.exe" = protocol=17 | dir=in | app=c:\program files\phonepoint\phonepoint.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{02FC8EFD-692D-49FB-96FA-0CA20E53FD3B}" = WordWall 2.1 (R54)
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{068B2432-7CF2-449C-97A6-95E16E7F4880}" = OZ776 SCR Driver V1.1.4.202
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B896FFA-9C63-4A94-09C2-000000A6B193}" = Symantec Ghost Console Client
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0D049270-13E8-4CDC-BFCB-89C3871070EE}" = Nokia PC Internet Access
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{16551E12-7EBB-4F63-9B6D-4AED6C2A6FB0}" = Ovi Files
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1BC62736-ABDE-4953-8ADF-0085E1855EA8}" = Math Resource Studio
"{1BDC1AB0-2677-4593-8F94-329F7CA8F670}" = Adobe Creative Suite 3 Design Premium
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{1E85CABF-0984-482A-BF5D-E9AC4BF33694}" = Basic Facts Worksheet Factory
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{3AAA33B1-908B-42B0-A766-6EF3D15D8CE3}" = TOSHIBA Mic Effect MUI
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3FA13137-DE7F-47CF-ABC8-6BE20863E329}" = TOSHIBA Tablet PC Extension
"{4BC9CBFF-F1A6-485E-A68F-7BC3E05082F8}" = ACTIVstudio 2 PE Help (GBR)
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6465C0C3-6379-4A56-966A-A5E300364C41}" = Wireless Mobile Broadband Drivers
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71575D1F-7BF9-4B78-81A2-2071FEA35A4C}" = PhonePoint
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7D73FAB2-E2DB-4182-98A3-7E8D10EDB57F}" = Toshiba Data Projector
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FFBA30D-0EC1-45BC-872C-39E1728AC761}" = Ranger Remote Control
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EB5469-3665-4963-A345-6D07242D78F3}" = TOSHIBA Management Console Version 4.0 (4.0.1)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{E1C33B03-3FE9-45BF-91E4-0266F38618C6}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2007
"{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJSTD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_SharePointDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJSTD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_SharePointDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJSTD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_SharePointDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007
"{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_SharePointDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJSTD_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PRJSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_SharePointDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2075A09-28AA-4D30-9BCC-82EAD9FA51BD}" = TrueSuite Access Manager
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4D050BA-F0A6-4F57-A0AC-CDCE03EA9B62}" = ACTIVstudio 2 Professional Edition
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
"{BDCDED0E-B689-4963-BB32-7C7F4B4BF121}" = Schoolhouse Test 2
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8BA6802-38DA-43F9-8ACB-73161C277C9A}" = Adobe Setup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF149A60-8F5A-4632-B5DE-EC35BCB5ADFC}" = Microsoft Windows Logo
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D99307D7-7909-40C3-8AC2-1561FB546ABF}" = Heinemann Solutionbank Statistics S1
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6FD021A-39D8-4224-94BB-D01BB5316A3A}" = WordWall 2.1 (R56)
"{FC4C645F-8EBC-4F1E-A517-D1505B43A374}" = TOSHIBA Wireless Key Logon
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF11005D-CBC8-45D5-A288-25C7BB304121}" = Sophos Remote Management System
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"A106663FD3361BDFACB045D83EBA03858EB1E411" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.7 Professional
"Adobe Acrobat 8 Professional_817" = Adobe Acrobat 8.1.7 - CPSID_50029
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_498b43b77cac072081a5692bfc52804" = Add or Remove Adobe Creative Suite 3 Design Premium
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DB88211B7411B39BB0C21343EFF391BF378C4E0A" = Windows Driver Package - Silicon Laboratories (silabenm) Ports (07/07/2009 5.4.24.0)
"DreamCalcDC4S_is1" = DreamCalc DCS4.6.1 Scientific Calculator
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem (06/01/2009 4.1)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ExamQuest RG_MMT" = ExamQuest OCR GCSE Maths C
"ExamWizard EA_MATH" = ExamWizard Edexcel GCE Mathematics
"ExamWizard EG_MATHS" = ExamWizard Edexcel GCSE Mathematics
"F2F24872454C7CAEAABD8BB063F70FBEFF01989D" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
"Formulator Tarsia_is1" = Formulator Tarsia 2.0
"GOM Player" = GOM Player
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{068B2432-7CF2-449C-97A6-95E16E7F4880}" = OZ776 SCR Driver V1.1.4.202
"InstallShield_{3FA13137-DE7F-47CF-ABC8-6BE20863E329}" = TOSHIBA Tablet PC Extension
"InstallShield_{4BC9CBFF-F1A6-485E-A68F-7BC3E05082F8}" = ACTIVstudio 2 PE Help (GBR) v2.0.0
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{7D73FAB2-E2DB-4182-98A3-7E8D10EDB57F}" = Toshiba Data Projector
"InstallShield_{84EB5469-3665-4963-A345-6D07242D78F3}" = TOSHIBA Management Console Version 4.0 (4.0.1)
"InstallShield_{B4D050BA-F0A6-4F57-A0AC-CDCE03EA9B62}" = ACTIVstudio 2 Professional Edition v2.0.307
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Jigsaw_is1" = Jigsaw 2005
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.3.1 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Nokia PC Internet Access" = Nokia PC Internet Access
"Nokia PC Suite" = Nokia PC Suite
"PhonePoint" = PhonePoint
"PRJSTD" = Microsoft Office Project Standard 2007
"PROSet" = Intel® PRO Network Connections Drivers
"Rapport_msi" = Rapport
"SharePointDesigner" = Microsoft Office SharePoint Designer 2007
"Shockwave" = Shockwave
"TomTom HOME" = TomTom HOME 2.5.2.60
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Touch Driver" = Touch Driver
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wireless Presenter" = Psiloc Wireless Presenter Desktop 2.20 (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Application Detect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/09/2009 10:36:20 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = Windows Search Service | ID = 3013
Description =

Error - 30/09/2009 10:36:20 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = Windows Search Service | ID = 3013
Description =

Error - 30/09/2009 10:36:20 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = Windows Search Service | ID = 3013
Description =

Error - 30/09/2009 10:36:20 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = Windows Search Service | ID = 3013
Description =

Error - 30/09/2009 10:36:20 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = Windows Search Service | ID = 3013
Description =

Error - 30/09/2009 10:36:21 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = Windows Search Service | ID = 3013
Description =

Error - 30/09/2009 10:36:21 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = Windows Search Service | ID = 3013
Description =

Error - 30/09/2009 10:36:21 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = Windows Search Service | ID = 3013
Description =

Error - 30/09/2009 10:36:21 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = Windows Search Service | ID = 3013
Description =

Error - 30/09/2009 11:48:27 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 478 Start Time: 01ca419f9654b776 Termination Time: 0

[ OSession Events ]
Error - 09/02/2009 17:19:47 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1251
seconds with 360 seconds of active time. This session ended with a crash.

Error - 12/02/2009 17:19:12 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3690
seconds with 1320 seconds of active time. This session ended with a crash.

Error - 15/02/2009 17:58:11 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11255
seconds with 3060 seconds of active time. This session ended with a crash.

Error - 26/02/2009 10:58:30 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3605
seconds with 2040 seconds of active time. This session ended with a crash.

Error - 18/04/2009 17:08:33 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3378
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 06/02/2010 08:11:07 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8586
seconds with 4920 seconds of active time. This session ended with a crash.

Error - 09/02/2010 15:04:30 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6501.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 288
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 03/04/2010 19:15:42 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = SAVOnAccess | ID = 3997781
Description = File [...a5e67a3c.manifest]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
TrustedInstalle, (start check timestamp [ 1cad38394b45840]).

Error - 03/04/2010 19:15:42 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = SAVOnAccess | ID = 3997781
Description = File [...iaHandler.dll.mui]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
TrustedInstalle, (start check timestamp [ 1cad38394b5b7d0]).

Error - 03/04/2010 19:15:42 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = SAVOnAccess | ID = 3997781
Description = File [...adba5086.manifest]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
TrustedInstalle, (start check timestamp [ 1cad38394b98860]).

Error - 03/04/2010 19:15:42 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = SAVOnAccess | ID = 3997781
Description = File [...ba5086\vdsdyn.dll]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
TrustedInstalle, (start check timestamp [ 1cad38394bf7bd0]).

Error - 03/04/2010 19:15:42 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = SAVOnAccess | ID = 3997781
Description = File [...8e321e5c.manifest]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
TrustedInstalle, (start check timestamp [ 1cad38394d574d0]).

Error - 03/04/2010 20:06:55 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = EventLog | ID = 6008
Description = The previous system shutdown at 01:05:03 on 04/04/2010 was unexpected.

Error - 03/04/2010 20:07:10 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain DJANOGLY due to the following: %%1311 This may lead to authentication
problems. Make sure that this computer is connected to the network. If the problem
persists, please contact your domain administrator. ADDITIONAL INFO If this computer
is a domain controller for the specified domain, it sets up the secure session to
the primary domain controller emulator in the specified domain. Otherwise, this
computer sets up the secure session to any domain controller in the specified domain.

Error - 03/04/2010 20:07:43 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 03/04/2010 20:09:06 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 03/04/2010 20:09:39 | Computer Name = M700-KLT.djanogly.notts.sch.uk | Source = DCOM | ID = 10000
Description =


< End of report >

#4
schrauber

    Malware Removal Expert

  • Expert
  • 483 posts
Hello kev123 and :)

I am Thomas (Tom is fine) and I'm going to help you fix your problem.

Before we begin, here are some guidelines which will help us both in fixing your problem.
  • Malware removal is not instantaneous and will take a number of steps to complete. Please continue to carry out the steps requested until I let you know that your computer appears clean.
  • Please do not attach logs or post them in Quote/Code boxes unless requested.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.
  • When posting logs, please ensure Word Wrap is turned off in Notepad. Open Notepad, select Format on the menu bar and make sure that Word Wrap is unchecked.
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • If in doubt about anything, please ask.




Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O33 - MountPoints2\{047ece0b-07fe-11de-bcfb-00037a8bfa7b}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
    O33 - MountPoints2\{2321fa75-ce1d-11de-85e5-00037a8bfa7b}\Shell - "" = AutoRun
    O33 - MountPoints2\{2321fa75-ce1d-11de-85e5-00037a8bfa7b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{8e21eafb-87ae-11de-869f-00215c359f57}\Shell\AutoRun\command - "" = E:\WD_Windows_Tools\Setup.exe -- File not found
    O33 - MountPoints2\{9f66adbd-8076-11de-8b64-00037a8bfa7b}\Shell - "" = AutoRun
    O33 - MountPoints2\{9f66adbd-8076-11de-8b64-00037a8bfa7b}\Shell\AutoRun\command - "" = D:\NokiaPCIA_Autorun.exe -- File not found
    O33 - MountPoints2\{ed62a557-1d2b-11df-b22b-001c7e7cf2a8}\Shell\AutoRun\command - "" = D:\Setup.now.exe -- File not found
    :Commands
    [emptytemp]
    [emptyflash]
    [resethosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.



Did you set those entries?

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = gateway.djanogly.notts.sch.uk;intranet.djanogly.notts.sch.uk;eportal.djanogly.notts.sch.uk;10.10.1.50;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.djanogly.notts.sch.uk:8080
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = djanogly.notts.sch.uk



#5
kev123

    Member

  • Topic Starter
  • Member
  • 27 posts
Hi Tom,

Thank you very much for assisting me on this, appreciate it :) Sorry I didn't get back sooner, been swamped at home recently.

Firstly to answer your question, all the entries you mentioned to do with the proxy and 'djanogly' have been done by my work department, so would be safe.

I ran the OTL fix as you said, I am posting the log below, hope that's all ok?

Unfortunately I'll have to carry out the follow up OTL scan tomorrow hopefully.

Many thanks again for your help :)

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{047ece0b-07fe-11de-bcfb-00037a8bfa7b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{047ece0b-07fe-11de-bcfb-00037a8bfa7b}\ not found.
File E:\InstallTomTomHOME.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2321fa75-ce1d-11de-85e5-00037a8bfa7b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2321fa75-ce1d-11de-85e5-00037a8bfa7b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2321fa75-ce1d-11de-85e5-00037a8bfa7b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2321fa75-ce1d-11de-85e5-00037a8bfa7b}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e21eafb-87ae-11de-869f-00215c359f57}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e21eafb-87ae-11de-869f-00215c359f57}\ not found.
File E:\WD_Windows_Tools\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f66adbd-8076-11de-8b64-00037a8bfa7b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f66adbd-8076-11de-8b64-00037a8bfa7b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f66adbd-8076-11de-8b64-00037a8bfa7b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f66adbd-8076-11de-8b64-00037a8bfa7b}\ not found.
File D:\NokiaPCIA_Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed62a557-1d2b-11df-b22b-001c7e7cf2a8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed62a557-1d2b-11df-b22b-001c7e7cf2a8}\ not found.
File D:\Setup.now.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: 008088
->Temp folder emptied: 36896 bytes
->Temporary Internet Files folder emptied: 2919711 bytes
->Flash cache emptied: 763 bytes

User: 008097
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: 04mbs
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: 05jnw
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: 05kss
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: 06dgl
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: 06mza
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: s00klt
->Temp folder emptied: 44061181 bytes
->Temporary Internet Files folder emptied: 48440400 bytes
->Java cache emptied: 12446822 bytes
->FireFox cache emptied: 40480543 bytes
->Google Chrome cache emptied: 100727322 bytes
->Flash cache emptied: 20148 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20735246 bytes
RecycleBin emptied: 1164474 bytes

Total Files Cleaned = 259.00 mb


[EMPTYFLASH]

User: 008088
->Flash cache emptied: 0 bytes

User: 008097

User: 04mbs

User: 05jnw

User: 05kss
->Flash cache emptied: 0 bytes

User: 06dgl

User: 06mza

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: s00klt
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.1.0 log created on 04112010_223410

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP0000006D6188DAFBD15F58EC not found!

Registry entries deleted on Reboot...


Edited by kev123, 11 April 2010 - 03:56 PM.


#6
schrauber

    Malware Removal Expert

  • Expert
  • 483 posts
Ok, post the follow up scan when you are ready and we will go from there :)

#7
kev123

    Member

  • Topic Starter
  • Member
  • 27 posts
Thanks mate.. I finally got the chance to post the log. Please find below:


OTL logfile created on: 12/04/2010 20:53:59 - Run 2
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\s00klt\Desktop
Windows Vista Enterprise Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 41.90 Gb Free Space | 37.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 111.79 Gb Total Space | 41.90 Gb Free Space | 37.48% Space Free | Partition Type: CSC-CACHE
I: Drive not present or media not loaded

Computer Name: M700-KLT
Current User Name: S00KLT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\s00klt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Users\s00klt\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Remote Management System\RouterNT.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Ranger Remote Control\runplugin.exe (NetSupport Ltd)
PRC - C:\Program Files\Ranger Remote Control\client32.exe (NetSupport Ltd)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\TrueSuite Access Manager\FpNotifier.exe (AuthenTec, Inc)
PRC - C:\Program Files\TrueSuite Access Manager\CssSvr.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Program Files\TrueSuite Access Manager\PwdBank.exe (Arachnoid Biometrics Identification Group)
PRC - C:\Windows\System32\TAMSvr.exe (AuthenTec Inc.)
PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Symantec\Ghost\ngtray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Ghost\ngctw32.exe (Symantec Corporation)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Button Disable\TBD.exe (TOSHIBA)
PRC - C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Accelerometer Utilities\TAcelMgr\TAcelMgr.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Accelerometer Utilities\Shaker\TSkrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe (TOSHIBA Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\s00klt\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
MOD - C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\System32\networkexplorer.dll (Microsoft Corporation)
MOD - C:\Windows\System32\davclnt.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\ntlanman.dll (Microsoft Corporation)
MOD - C:\Windows\System32\drprov.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Sophos Agent) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe (Sophos Plc)
SRV - (Sophos Message Router) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe (Sophos Plc)
SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Client32) -- C:\Program Files\Ranger Remote Control\client32.exe (NetSupport Ltd)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (Authentec memory manager) -- C:\Windows\System32\TAMSvr.exe (AuthenTec Inc.)
SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (NGCLIENT) -- C:\Program Files\Symantec\Ghost\ngctw32.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (Thpsrv) -- C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys (Trusteer Ltd.)
DRV - (RapportBuka) -- C:\Windows\System32\drivers\RapportBuka.sys (Trusteer Ltd.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ddnt) -- C:\Windows\System32\drivers\ddnt.sys ()
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Plc)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (gdihook5) -- C:\Windows\System32\drivers\gdihook5.sys (NetSupport Ltd)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation)
DRV - (WacomVTHid) -- C:\Windows\System32\drivers\WacomVTHid.sys (Wacom Technology)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (wisdpen) -- C:\Windows\System32\drivers\wisdpen.sys (Wacom Technology)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (nskbfltr) -- C:\Windows\System32\drivers\nskbfltr.sys (Windows ® Codename Longhorn DDK provider)
DRV - (PCISys) -- C:\Windows\System32\drivers\pcisys.old (NetSupport Ltd)
DRV - (s117obex) -- C:\Windows\System32\drivers\s117obex.sys (MCCI Corporation)
DRV - (s117mdm) -- C:\Windows\System32\drivers\s117mdm.sys (MCCI Corporation)
DRV - (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s117mgmt.sys (MCCI Corporation)
DRV - (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) -- C:\Windows\System32\drivers\s117unic.sys (MCCI Corporation)
DRV - (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) -- C:\Windows\System32\drivers\s117nd5.sys (MCCI Corporation)
DRV - (s117mdfl) -- C:\Windows\System32\drivers\s117mdfl.sys (MCCI Corporation)
DRV - (s117bus) Sony Ericsson Device 117 driver (WDM) -- C:\Windows\System32\drivers\s117bus.sys (MCCI Corporation)
DRV - (Thpdrv) -- C:\Windows\system32\DRIVERS\Thpdrv.sys (TOSHIBA Corporation)
DRV - (Thpevm) -- C:\Windows\system32\DRIVERS\Thpevm.SYS (TOSHIBA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (TBtnKey) -- C:\Windows\System32\drivers\TBtnKey.sys (TOSHIBA Corporation)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ.SYS (TOSHIBA Corporation)
DRV - (TosDPJReg) -- C:\Windows\System32\drivers\TosDPJReg.sys (Toshiba Corporation)
DRV - (TosDPJDD) -- C:\Windows\System32\drivers\TosDPJDD.sys (Toshiba Corporation)
DRV - (Tosntdpd) -- C:\Windows\System32\drivers\Tosntdpd.sys (Toshiba Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://intranet.dja...y.notts.sch.uk/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://gateway.djanogly.notts.sch.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://gateway.djanogly.notts.sch.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FD 26 EA 88 A7 B1 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = gateway.djanogly.notts.sch.uk;intranet.djanogly.notts.sch.uk;eportal.djanogly.notts.sch.uk;10.10.1.50;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.djanogly.notts.sch.uk:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft..../?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.2
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.7
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6
FF - prefs.js..keyword.URL: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..network.proxy.backup.ftp: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/04 11:19:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/07/20 00:04:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/10 00:16:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/10 00:16:29 | 000,000,000 | ---D | M]

[2009/07/04 22:20:51 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\mozilla\Extensions
[2009/07/04 22:20:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\s00klt\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/10 00:57:16 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/04/08 22:37:32 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions
[2010/01/12 23:00:17 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/07/04 22:23:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/23 12:48:34 | 000,000,000 | ---D | M] (WOT) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/02/10 00:29:10 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/01/17 21:38:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/23 12:48:35 | 000,000,000 | ---D | M] (Answers) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2010/01/07 15:21:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/10 00:29:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/02/10 00:29:09 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\[email protected]
[2009/11/29 12:52:26 | 000,000,564 | ---- | M] () -- C:\Users\s00klt\AppData\Roaming\Mozilla\FireFox\Profiles\xqo04olt.default\searchplugins\bing.xml
[2010/04/08 22:37:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/10 00:16:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/16 22:32:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010/01/03 17:09:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/02/10 00:16:13 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/02/10 00:16:13 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 22:02:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2009/10/11 05:17:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/05/12 19:46:20 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2010/02/10 00:16:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/10/02 22:13:10 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/12/21 06:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2009/05/01 22:02:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2010/02/10 00:16:23 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/02/10 00:16:23 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/02/10 00:16:23 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/02/10 00:16:23 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/02/10 00:16:23 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/02/10 00:16:23 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/02/10 00:16:23 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/02/10 00:16:23 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/04/11 22:35:07 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Button Disable] C:\Program Files\TOSHIBA\TOSHIBA Button Disable\TBD.exe (TOSHIBA)
O4 - HKLM..\Run: [FingerPrintNotifer] C:\Program Files\TrueSuite Access Manager\FpNotifier.exe (AuthenTec, Inc)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe File not found
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [NGTray] C:\Program Files\Symantec\Ghost\ngtray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PwdBank] C:\Program Files\TrueSuite Access Manager\PwdBank.exe (Arachnoid Biometrics Identification Group)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\TOSHIBA Accelerometer Utilities\TAcelMgr\TAcelMgr.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\Windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosAutLk] C:\Program Files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe ()
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRot.exe] C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSkrMain] C:\Program Files\TOSHIBA\TOSHIBA Accelerometer Utilities\Shaker\TSkrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UsbMonitor] C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\s00klt\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident\4.0; File not found
O4 - Startup: C:\Users\s00klt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 2 = Date/Time
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 3 = Fax
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 4 = Folder Options
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 5 = Game Controllers
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 6 = Intel® PROSet
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 7 = Mail
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 8 = Scheduled Tasks
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 9 = Toshiba HWSetup
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 10 = Toshiba Mobile Extension
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 11 = Users and Passwords
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 12 = Wireless Network
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 13 = Yamaha AC-XG
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {74233DB3-F72F-44EA-94DC-258A624037E6} https://intranet.dja...lib/VSFlex8.CAB (ComponentOne FlexGrid 8.0 (UNICODE Light))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://edexcel.webe...ng/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = djanogly.notts.sch.uk
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\s00klt\Desktop\KLT\My Pictures\Picture1.jpg
O24 - Desktop BackupWallPaper: C:\Users\s00klt\Desktop\KLT\My Pictures\Picture1.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/11 22:34:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/04 01:16:22 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\s00klt\Desktop\OTL.exe
[2010/04/04 00:33:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/04 00:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/02 15:35:05 | 000,000,000 | ---D | C] -- C:\Users\s00klt\Desktop\film
[2010/03/30 19:53:17 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/30 19:53:17 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/30 19:53:17 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/30 19:53:17 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/30 19:53:17 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/30 19:53:16 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/30 19:53:16 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/30 19:53:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/30 19:53:16 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/30 19:53:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/03/30 19:53:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/30 19:53:16 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/30 19:53:16 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/30 19:53:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/30 19:53:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/24 14:12:27 | 000,000,000 | --SD | C] -- \\dcan-nas1\staff\S00KLT\SharePoint Drafts

========== Files - Modified Within 30 Days ==========

[2010/04/12 20:53:22 | 004,980,736 | -HS- | M] () -- C:\Users\s00klt\NTUSER.DAT
[2010/04/12 20:34:08 | 000,005,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/12 20:34:08 | 000,005,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/12 20:29:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1682526488-682003330-24134UA.job
[2010/04/12 20:00:15 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\Mobile.job
[2010/04/12 19:16:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/12 18:51:21 | 000,214,528 | ---- | M] () -- C:\Users\s00klt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/12 18:43:55 | 000,001,338 | ---- | M] () -- C:\Users\s00klt\Desktop\Plans & Elevations - Shortcut.lnk
[2010/04/12 18:34:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/12 18:33:56 | 3211,632,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/12 18:33:55 | 000,000,008 | ---- | M] () -- C:\Windows\System32\pcisys.ntk
[2010/04/12 17:21:34 | 000,524,288 | -HS- | M] () -- C:\Users\s00klt\NTUSER.DAT{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000001.regtrans-ms
[2010/04/12 17:21:34 | 000,065,536 | -HS- | M] () -- C:\Users\s00klt\NTUSER.DAT{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TM.blf
[2010/04/12 17:21:12 | 002,238,862 | -H-- | M] () -- C:\Users\s00klt\AppData\Local\IconCache.db
[2010/04/12 13:23:57 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BABF0C7D-0C96-483C-AFF7-C35A049052ED}.job
[2010/04/11 22:35:07 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/04/11 22:29:00 | 000,000,858 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1682526488-682003330-24134Core.job
[2010/04/11 22:20:57 | 000,708,438 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/11 22:20:57 | 000,612,050 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/11 22:20:57 | 000,110,722 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/11 22:06:23 | 350,912,183 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/08 08:20:06 | 000,481,092 | ---- | M] () -- C:\Users\s00klt\Desktop\solving equations all types.pptx
[2010/04/04 01:16:35 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\s00klt\Desktop\OTL.exe
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/29 14:47:05 | 000,000,288 | ---- | M] () -- \\dcan-nas1\staff\S00KLT\TenQQ.ini
[2010/03/25 17:36:38 | 000,091,143 | ---- | M] () -- C:\Users\s00klt\Desktop\TOI.pdf
[2010/03/25 11:37:36 | 000,000,821 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2010/03/15 01:26:19 | 000,000,098 | ---- | M] () -- C:\Windows\WirelessFTP.INI

========== Files Created - No Company Name ==========

[2010/04/12 18:43:55 | 000,001,338 | ---- | C] () -- C:\Users\s00klt\Desktop\Plans & Elevations - Shortcut.lnk
[2010/04/07 08:53:26 | 000,481,092 | ---- | C] () -- C:\Users\s00klt\Desktop\solving equations all types.pptx
[2010/04/04 12:23:00 | 3211,632,640 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/04 01:12:43 | 000,293,376 | ---- | C] () -- C:\Users\s00klt\Desktop\gmer.exe
[2010/03/25 17:36:38 | 000,091,143 | ---- | C] () -- C:\Users\s00klt\Desktop\TOI.pdf
[2010/02/19 17:25:53 | 000,000,264 | ---- | C] () -- C:\Windows\{F6FD021A-39D8-4224-94BB-D01BB5316A3A}_WiseFW.ini
[2010/02/10 23:56:33 | 000,000,264 | ---- | C] () -- C:\Windows\{02FC8EFD-692D-49FB-96FA-0CA20E53FD3B}_WiseFW.ini
[2010/01/27 19:15:35 | 000,001,783 | ---- | C] () -- C:\Users\s00klt\AppData\Local\DreamCalc DC4S.dat
[2010/01/14 15:55:44 | 000,000,093 | ---- | C] () -- C:\Windows\LOGO.INI
[2010/01/12 14:23:38 | 000,004,096 | -H-- | C] () -- C:\Users\s00klt\AppData\Local\keyfile3.drm
[2009/12/28 21:27:50 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/12/24 12:11:06 | 000,001,065 | ---- | C] () -- C:\Windows\Winamp.ini
[2009/12/24 12:11:00 | 000,000,041 | ---- | C] () -- C:\Windows\winampa.ini
[2009/09/16 09:12:59 | 000,000,125 | ---- | C] () -- C:\Windows\olltwitflashcard.ini
[2009/09/09 16:28:21 | 000,000,786 | ---- | C] () -- C:\Windows\exampro32.ini
[2009/09/09 16:28:17 | 000,536,576 | ---- | C] () -- C:\Windows\System32\Tx32.dll
[2009/09/09 16:28:17 | 000,000,478 | ---- | C] () -- C:\Windows\System32\ic32.ini
[2009/08/25 08:39:07 | 000,000,271 | ---- | C] () -- C:\Windows\ricdb.ini
[2009/07/27 09:44:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/05 18:50:51 | 000,000,098 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2009/06/01 14:49:39 | 000,009,216 | ---- | C] () -- C:\Windows\System32\ddvdd.dll
[2009/06/01 14:49:39 | 000,007,072 | ---- | C] () -- C:\Windows\System32\drivers\ddnt.sys
[2009/04/13 16:00:15 | 000,000,680 | ---- | C] () -- C:\Users\s00klt\AppData\Local\d3d9caps.dat
[2009/01/06 10:20:05 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008/12/19 15:19:11 | 000,214,528 | ---- | C] () -- C:\Users\s00klt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/19 13:32:53 | 000,027,852 | RHS- | C] () -- C:\Users\s00klt\ntuser.pol
[2008/12/19 13:32:46 | 000,524,288 | -HS- | C] () -- C:\Users\s00klt\NTUSER.DAT{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000002.regtrans-ms
[2008/12/19 13:32:46 | 000,524,288 | -HS- | C] () -- C:\Users\s00klt\NTUSER.DAT{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000001.regtrans-ms
[2008/12/19 13:32:46 | 000,262,144 | -H-- | C] () -- C:\Users\s00klt\ntuser.dat.LOG1
[2008/12/19 13:32:46 | 000,065,536 | -HS- | C] () -- C:\Users\s00klt\NTUSER.DAT{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TM.blf
[2008/12/19 13:32:46 | 000,000,020 | -HS- | C] () -- C:\Users\s00klt\ntuser.ini
[2008/12/19 13:32:46 | 000,000,000 | -H-- | C] () -- C:\Users\s00klt\ntuser.dat.LOG2
[2008/12/19 13:32:45 | 004,980,736 | -HS- | C] () -- C:\Users\s00klt\NTUSER.DAT
[2008/11/20 10:44:49 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/11/20 10:44:48 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2008/11/20 10:44:45 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/11/20 10:44:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/20 10:44:44 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/20 10:44:41 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/11/20 10:44:41 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/11/19 14:46:34 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/11/19 10:41:35 | 000,036,918 | ---- | C] () -- C:\Windows\System32\pcimsg.dll
[2008/11/19 10:41:35 | 000,020,542 | ---- | C] () -- C:\Windows\System32\pcivdd.dll
[2008/11/19 09:45:21 | 000,000,290 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/11/18 17:03:23 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/11/18 14:14:49 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/11/18 13:23:19 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/11/18 13:02:27 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/11/18 13:02:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/11/18 13:02:27 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/11/18 13:02:27 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/11/18 11:14:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1272.dll
[2008/11/18 11:09:13 | 000,006,546 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 19:48:00 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/12/21 17:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/22 22:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003/03/24 06:03:00 | 000,279,552 | ---- | C] () -- C:\Windows\System32\FGWVB32.DLL
[2002/10/17 17:16:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\TOSMgmt.dll
[2002/09/24 13:19:02 | 000,053,760 | ---- | C] () -- C:\Windows\System32\DD32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:9F652F80
< End of report >



#8
schrauber


    Malware Removal Expert

  • Expert
  • 483 posts
Hi there :)


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


How is the system running now?

#9
kev123


    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Thanks Tom, you're a star! :)

Actually I do think it is running slightly better. I think the Windows Explorer crash is slightly less frequent, however it still happens from time to time...

I will run the scan this weekend if that's ok mate? Just been really busy with work and that...


Thank you very much once again... shall post log soon :)

Edited by kev123, 14 April 2010 - 01:52 PM.


#10
schrauber


    Malware Removal Expert

  • Expert
  • 483 posts
No problem, run it when you have time.

And you're welcome :)


#11
kev123


    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi Tom,

Hope you're well mate... apologies for the delay, been struggling with time recently... Anyway I finally finished the scan :)

Thanks again mate...

Kev


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e68d75756588a44b821aef393152c4c8
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-04-21 08:33:24
# local_time=2010-04-21 09:33:24 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 100 78644 109401751 0 0
# compatibility_mode=8192 67108863 100 0 277 277 0 0
# compatibility_mode=8449 16775165 100 97 899 44853885 0 0
# scanned=239703
# found=2
# cleaned=2
# scan_time=12941
C:\Users\s00klt\Desktop\E71 apps\symbian_e71_-free-_apps.rar probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\s00klt\Desktop\E71 apps\[s]2008 S60v3 Apps Collection Cracked By illusion.rar probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C



#12
schrauber


    Malware Removal Expert

  • Expert
  • 483 posts
Hi,

Looks good to me :)

Please post back with a fresh OTL logfile and tell me how the system is running :)

#13
schrauber


    Malware Removal Expert

  • Expert
  • 483 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#14
schrauber


    Malware Removal Expert

  • Expert
  • 483 posts
Reopened by user request.

#15
kev123


    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Many thanks Tom... you're a star :)

The comp is OK, however I still fairly frequently get the "Windows Explorer has crashed", and have to press restart program... But hey, we did try, and I do appreciate all the assistance you have given :)

If this log is OK, guess I'll have to deal with it for now as I can still use it, and if there is no other option I guess I would get it re-imaged in a few months.

Kev

OTL logfile created on: 01/05/2010 09:34:20 - Run 3
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\s00klt\Desktop
Windows Vista Enterprise Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 40.37 Gb Free Space | 36.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 111.79 Gb Total Space | 40.37 Gb Free Space | 36.12% Space Free | Partition Type: CSC-CACHE
I: Drive not present or media not loaded

Computer Name: M700-KLT
Current User Name: s00klt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Sophos\Remote Management System\RouterNT.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Users\s00klt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Users\s00klt\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Ranger Remote Control\runplugin.exe (NetSupport Ltd)
PRC - C:\Program Files\Ranger Remote Control\client32.exe (NetSupport Ltd)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\TrueSuite Access Manager\FpNotifier.exe (AuthenTec, Inc)
PRC - C:\Program Files\TrueSuite Access Manager\CssSvr.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Program Files\TrueSuite Access Manager\PwdBank.exe (Arachnoid Biometrics Identification Group)
PRC - C:\Windows\System32\TAMSvr.exe (AuthenTec Inc.)
PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Symantec\Ghost\ngtray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Ghost\ngctw32.exe (Symantec Corporation)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Button Disable\TBD.exe (TOSHIBA)
PRC - C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Mindjet\MindManager 7\MmReminderService.exe (Mindjet)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Accelerometer Utilities\TAcelMgr\TAcelMgr.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Accelerometer Utilities\Shaker\TSkrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe (TOSHIBA Corporation)


========== Modules (SafeList) ==========

MOD - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
MOD - C:\Users\s00klt\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\System32\networkexplorer.dll (Microsoft Corporation)
MOD - C:\Windows\System32\davclnt.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\ntlanman.dll (Microsoft Corporation)
MOD - C:\Windows\System32\drprov.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Sophos Message Router) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe (Sophos Plc)
SRV - (Sophos Agent) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe (Sophos Plc)
SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Client32) -- C:\Program Files\Ranger Remote Control\client32.exe (NetSupport Ltd)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (Authentec memory manager) -- C:\Windows\System32\TAMSvr.exe (AuthenTec Inc.)
SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (NGCLIENT) -- C:\Program Files\Symantec\Ghost\ngctw32.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (Thpsrv) -- C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://intranet.dja...y.notts.sch.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://gateway.djanogly.notts.sch.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://gateway.djanogly.notts.sch.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FD 26 EA 88 A7 B1 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = gateway.djanogly.notts.sch.uk;intranet.djanogly.notts.sch.uk;eportal.djanogly.notts.sch.uk;10.10.1.50;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.djanogly.notts.sch.uk:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft..../?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.2
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.20
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.7
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..keyword.URL: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..network.proxy.backup.ftp: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.djanogly.notts.sch.uk"
FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/07/20 00:04:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/10 00:16:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/14 21:07:39 | 000,000,000 | ---D | M]

[2009/07/04 22:20:51 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\mozilla\Extensions
[2009/03/10 00:57:16 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/05/01 09:15:10 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions
[2010/01/12 23:00:17 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/07/04 22:23:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/23 12:48:34 | 000,000,000 | ---D | M] (WOT) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/02/10 00:29:10 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/01/17 21:38:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/23 12:48:35 | 000,000,000 | ---D | M] (Answers) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2010/01/07 15:21:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/10 00:29:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/02/10 00:29:09 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\mozilla\Firefox\Profiles\xqo04olt.default\extensions\[email protected]
[2009/11/29 12:52:26 | 000,000,564 | ---- | M] () -- C:\Users\s00klt\AppData\Roaming\Mozilla\FireFox\Profiles\xqo04olt.default\searchplugins\bing.xml
[2010/05/01 09:15:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/21 06:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/02/10 00:16:23 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/02/10 00:16:23 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/02/10 00:16:23 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/02/10 00:16:23 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/04/11 22:35:07 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CmjBrowserHelperObject Object) - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Button Disable] C:\Program Files\TOSHIBA\TOSHIBA Button Disable\TBD.exe (TOSHIBA)
O4 - HKLM..\Run: [FingerPrintNotifer] C:\Program Files\TrueSuite Access Manager\FpNotifier.exe (AuthenTec, Inc)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 7\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [NGTray] C:\Program Files\Symantec\Ghost\ngtray.exe (Symantec Corporation)
O4 - HKLM..\Run: [PwdBank] C:\Program Files\TrueSuite Access Manager\PwdBank.exe (Arachnoid Biometrics Identification Group)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\TOSHIBA Accelerometer Utilities\TAcelMgr\TAcelMgr.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\Windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosAutLk] C:\Program Files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe ()
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRot.exe] C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSkrMain] C:\Program Files\TOSHIBA\TOSHIBA Accelerometer Utilities\Shaker\TSkrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UsbMonitor] C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident\4.0; File not found
O4 - Startup: C:\Users\s00klt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 2 = Date/Time
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 3 = Fax
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 4 = Folder Options
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 5 = Game Controllers
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 6 = Intel® PROSet
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 7 = Mail
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 8 = Scheduled Tasks
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 9 = Toshiba HWSetup
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 10 = Toshiba Mobile Extension
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 11 = Users and Passwords
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 12 = Wireless Network
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 13 = Yamaha AC-XG
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\NSL\nslsp.dll (Netsupport Ltd)
O13 - gopher Prefix: missing
O16 - DPF: {74233DB3-F72F-44EA-94DC-258A624037E6} https://intranet.dja...lib/VSFlex8.CAB (ComponentOne FlexGrid 8.0 (UNICODE Light))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://edexcel.webe...ng/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = djanogly.notts.sch.uk
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\s00klt\Desktop\KLT\My Pictures\Picture1.jpg
O24 - Desktop BackupWallPaper: C:\Users\s00klt\Desktop\KLT\My Pictures\Picture1.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/11/19 15:11:28 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/04/30 09:43:41 | 000,000,000 | ---D | C] -- C:\Users\s00klt\AppData\Local\Mindjet
[2010/04/30 09:43:34 | 000,005,632 | ---- | C] (Tracker Software) -- C:\Windows\System32\pxc25pm.dll
[2010/04/30 09:43:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Mindjet
[2010/04/30 09:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mindjet
[2010/04/28 12:23:56 | 000,129,576 | ---- | C] (Sophos Plc) -- C:\Windows\System32\sdccoinstaller.dll
[2010/04/28 12:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2010/04/28 12:23:28 | 000,026,664 | ---- | C] (Sophos Plc) -- C:\Windows\System32\SophosBootTasks.exe
[2010/04/28 12:19:43 | 000,023,928 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\sdcfilter.sys
[2010/04/28 12:18:55 | 000,121,848 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\savonaccess.sys
[2010/04/28 12:18:47 | 000,022,536 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\SophosBootDriver.sys
[2010/04/27 21:14:28 | 000,000,000 | ---D | C] -- C:\Users\s00klt\Desktop\learning walks PRINT
[2010/04/21 17:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/18 22:41:26 | 000,000,000 | ---D | C] -- C:\Users\s00klt\Desktop\Maths ssl

========== Files - Modified Within 14 Days ==========

[2010/05/01 09:35:43 | 005,242,880 | -HS- | M] () -- C:\Users\s00klt\NTUSER.DAT
[2010/05/01 09:29:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1682526488-682003330-24134UA.job
[2010/05/01 09:08:16 | 000,005,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/01 09:08:16 | 000,005,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/01 08:59:47 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BABF0C7D-0C96-483C-AFF7-C35A049052ED}.job
[2010/05/01 08:59:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/01 08:16:56 | 000,055,389 | ---- | M] () -- C:\Users\s00klt\Desktop\PRINT S1REVCARD.docx
[2010/05/01 07:15:18 | 000,000,858 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1682526488-682003330-24134Core.job
[2010/05/01 07:09:00 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\Daily.job
[2010/04/30 12:54:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/30 12:54:05 | 3211,632,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/30 12:54:02 | 000,000,008 | ---- | M] () -- C:\Windows\System32\pcisys.ntk
[2010/04/30 12:53:07 | 000,524,288 | -HS- | M] () -- C:\Users\s00klt\NTUSER.DAT{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000001.regtrans-ms
[2010/04/30 12:53:07 | 000,065,536 | -HS- | M] () -- C:\Users\s00klt\NTUSER.DAT{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TM.blf
[2010/04/30 12:52:33 | 003,377,208 | -H-- | M] () -- C:\Users\s00klt\AppData\Local\IconCache.db
[2010/04/29 16:29:00 | 000,000,858 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sophos AutoUpdate Monitor.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:14:39 | 001,338,336 | ---- | M] () -- C:\Users\s00klt\Desktop\9a2 Indices lesson 1.pptx
[2010/04/29 06:21:16 | 001,736,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/28 21:52:13 | 000,553,455 | ---- | M] () -- C:\Users\s00klt\Desktop\Interview_prep_(16-19).pdf
[2010/04/28 15:35:03 | 000,006,546 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/04/28 12:19:43 | 000,023,928 | ---- | M] (Sophos Plc) -- C:\Windows\System32\drivers\sdcfilter.sys
[2010/04/28 12:19:05 | 000,026,664 | ---- | M] (Sophos Plc) -- C:\Windows\System32\SophosBootTasks.exe
[2010/04/28 12:18:55 | 000,121,848 | ---- | M] (Sophos Plc) -- C:\Windows\System32\drivers\savonaccess.sys
[2010/04/28 12:18:47 | 000,129,576 | ---- | M] (Sophos Plc) -- C:\Windows\System32\sdccoinstaller.dll
[2010/04/28 12:18:47 | 000,022,536 | ---- | M] (Sophos Plc) -- C:\Windows\System32\drivers\SophosBootDriver.sys
[2010/04/27 20:12:28 | 000,214,528 | ---- | M] () -- C:\Users\s00klt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/20 15:01:45 | 000,708,438 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/20 15:01:45 | 000,612,050 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/20 15:01:45 | 000,110,722 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2010/05/01 08:16:53 | 000,055,389 | ---- | C] () -- C:\Users\s00klt\Desktop\PRINT S1REVCARD.docx
[2010/04/29 16:31:37 | 000,000,530 | ---- | C] () -- C:\Windows\tasks\Daily.job
[2010/04/29 16:29:00 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sophos AutoUpdate Monitor.lnk
[2010/04/28 21:52:12 | 000,553,455 | ---- | C] () -- C:\Users\s00klt\Desktop\Interview_prep_(16-19).pdf
[2010/04/28 18:28:11 | 001,338,336 | ---- | C] () -- C:\Users\s00klt\Desktop\9a2 Indices lesson 1.pptx
[2010/04/14 10:39:28 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2010/02/19 17:25:53 | 000,000,264 | ---- | C] () -- C:\Windows\{F6FD021A-39D8-4224-94BB-D01BB5316A3A}_WiseFW.ini
[2010/02/10 23:56:33 | 000,000,264 | ---- | C] () -- C:\Windows\{02FC8EFD-692D-49FB-96FA-0CA20E53FD3B}_WiseFW.ini
[2010/01/27 19:15:35 | 000,001,783 | ---- | C] () -- C:\Users\s00klt\AppData\Local\DreamCalc DC4S.dat
[2010/01/14 15:55:44 | 000,000,093 | ---- | C] () -- C:\Windows\LOGO.INI
[2010/01/12 14:23:38 | 000,004,096 | -H-- | C] () -- C:\Users\s00klt\AppData\Local\keyfile3.drm
[2009/12/28 21:27:50 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/12/24 12:11:06 | 000,001,065 | ---- | C] () -- C:\Windows\Winamp.ini
[2009/12/24 12:11:00 | 000,000,041 | ---- | C] () -- C:\Windows\winampa.ini
[2009/09/16 09:12:59 | 000,000,125 | ---- | C] () -- C:\Windows\olltwitflashcard.ini
[2009/09/09 16:28:21 | 000,000,786 | ---- | C] () -- C:\Windows\exampro32.ini
[2009/09/09 16:28:17 | 000,536,576 | ---- | C] () -- C:\Windows\System32\Tx32.dll
[2009/09/09 16:28:17 | 000,000,478 | ---- | C] () -- C:\Windows\System32\ic32.ini
[2009/08/25 08:39:07 | 000,000,271 | ---- | C] () -- C:\Windows\ricdb.ini
[2009/07/27 09:44:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/05 18:50:51 | 000,000,098 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2009/06/01 14:49:39 | 000,009,216 | ---- | C] () -- C:\Windows\System32\ddvdd.dll
[2009/06/01 14:49:39 | 000,007,072 | ---- | C] () -- C:\Windows\System32\drivers\ddnt.sys
[2009/04/13 16:00:15 | 000,000,680 | ---- | C] () -- C:\Users\s00klt\AppData\Local\d3d9caps.dat
[2009/01/06 10:20:05 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008/12/19 15:19:11 | 000,214,528 | ---- | C] () -- C:\Users\s00klt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/19 13:32:53 | 000,027,852 | RHS- | C] () -- C:\Users\s00klt\ntuser.pol
[2008/12/19 13:32:46 | 000,524,288 | -HS- | C] () -- C:\Users\s00klt\NTUSER.DAT{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000002.regtrans-ms
[2008/12/19 13:32:46 | 000,524,288 | -HS- | C] () -- C:\Users\s00klt\NTUSER.DAT{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000001.regtrans-ms
[2008/12/19 13:32:46 | 000,262,144 | -H-- | C] () -- C:\Users\s00klt\ntuser.dat.LOG1
[2008/12/19 13:32:46 | 000,065,536 | -HS- | C] () -- C:\Users\s00klt\NTUSER.DAT{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TM.blf
[2008/12/19 13:32:46 | 000,000,020 | -HS- | C] () -- C:\Users\s00klt\ntuser.ini
[2008/12/19 13:32:46 | 000,000,000 | -H-- | C] () -- C:\Users\s00klt\ntuser.dat.LOG2
[2008/12/19 13:32:45 | 005,242,880 | -HS- | C] () -- C:\Users\s00klt\NTUSER.DAT
[2008/11/20 10:44:49 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/11/20 10:44:48 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2008/11/20 10:44:45 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/11/20 10:44:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/20 10:44:44 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/20 10:44:41 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/11/20 10:44:41 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/11/19 14:46:34 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/11/19 10:41:35 | 000,036,918 | ---- | C] () -- C:\Windows\System32\pcimsg.dll
[2008/11/19 10:41:35 | 000,020,542 | ---- | C] () -- C:\Windows\System32\pcivdd.dll
[2008/11/19 09:45:21 | 000,000,290 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/11/18 17:03:23 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/11/18 14:14:49 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/11/18 13:23:19 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/11/18 13:02:27 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/11/18 13:02:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/11/18 13:02:27 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/11/18 13:02:27 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/11/18 11:14:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1272.dll
[2008/11/18 11:09:13 | 000,006,546 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/12/21 17:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/22 22:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003/03/24 06:03:00 | 000,279,552 | ---- | C] () -- C:\Windows\System32\FGWVB32.DLL
[2002/10/17 17:16:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\TOSMgmt.dll
[2002/09/24 13:19:02 | 000,053,760 | ---- | C] () -- C:\Windows\System32\DD32.dll

========== LOP Check ==========

[2009/11/10 15:44:44 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\Canneverbe_Limited
[2009/12/28 21:37:37 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\DAEMON Tools Lite
[2010/01/27 19:14:15 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\GetRightToGo
[2009/04/27 11:08:30 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\Hermitech Laboratory
[2009/07/20 00:07:57 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\Nokia
[2009/07/20 00:08:05 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\PC Suite
[2009/08/17 09:54:33 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\PhoneRemoteControl
[2009/01/05 13:27:08 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\Ranger
[2009/02/27 00:12:35 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\Schoolhouse Technologies
[2009/03/10 00:57:14 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\TomTom
[2009/02/22 20:30:07 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\toshiba
[2010/02/07 17:43:43 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\Trusteer
[2010/01/17 21:43:37 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\Uniblue
[2009/12/09 16:46:00 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\webex
[2009/09/05 15:41:22 | 000,000,000 | ---D | M] -- C:\Users\s00klt\AppData\Roaming\WTouch
[2010/05/01 07:09:00 | 000,000,530 | ---- | M] () -- C:\Windows\Tasks\Daily.job
[2010/04/30 12:53:03 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/05/01 08:59:47 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BABF0C7D-0C96-483C-AFF7-C35A049052ED}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/11/19 03:07:41 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/04/30 12:54:05 | 3211,632,640 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/20 10:19:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/01 09:04:03 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/11/20 10:19:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/30 12:54:03 | 3525,251,072 | -HS- | M] () -- C:\pagefile.sys
[2009/11/24 22:23:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/11/25 21:36:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/11/26 16:11:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/11/26 17:24:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/11/26 19:22:25 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/11/27 21:00:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/11/16 22:37:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/11/16 22:40:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/11/17 14:08:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/11/17 22:03:48 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/11/18 20:24:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/11/18 20:30:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/11/19 15:41:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/11/20 16:04:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/11/21 21:55:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/11/22 13:24:52 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/11/23 20:41:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/11/23 20:43:31 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/11/23 20:52:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/11/24 19:19:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/11/24 22:23:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/11/25 21:36:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/11/26 16:11:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/11/26 17:24:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/11/26 19:22:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/11/27 21:00:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/11/16 22:37:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/11/16 22:40:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/11/17 14:08:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/11/17 22:03:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/11/18 20:24:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/11/18 20:30:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/11/19 15:41:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/11/20 16:04:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/11/21 21:55:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/11/22 13:24:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/11/23 20:41:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/11/23 20:43:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/11/23 20:52:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/11/24 19:19:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2009/04/11 07:28:25 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/02/20 21:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 12:10:13 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 12:10:19 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 12:10:13 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010/02/25 22:08:42 | 000,390,528 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportBuka.sys
[2010/04/28 12:18:55 | 000,121,848 | ---- | M] (Sophos Plc) -- C:\Windows\System32\drivers\savonaccess.sys
[2010/04/28 12:19:43 | 000,023,928 | ---- | M] (Sophos Plc) -- C:\Windows\System32\drivers\sdcfilter.sys
[2010/04/28 12:18:47 | 000,022,536 | ---- | M] (Sophos Plc) -- C:\Windows\System32\drivers\SophosBootDriver.sys
[2010/02/18 15:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/02/18 12:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:9F652F80
< End of report >

