I recently have had emails from friends via Hotmail that have led me to a site that looks like an official Microsoft antivirus site, telling me my laptop is infected and it's running a scan. I'm unable to shut down the page and have to use Ctrl+Alt+Del to do so.
Since then I have noticed my laptop being very, very slow. Also, Malwarebytes runs and finds nothing, but then will not shut down after a scan (not responding). This is happening to a lot of programs: they run slow, then freeze, and I'm unable to shut down.
Also, sometimes while browsing the web my speed seems to be OK, but it will gradually slow down and then become unusable.
Here's the OTL log.
Thanks in advance, guys n gals.
OTL logfile created on: 09/06/2011 21:22:14 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Mary Newton\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
191.48 Mb Total Physical Memory | 107.51 Mb Available Physical Memory | 56.15% Memory free
466.43 Mb Paging File | 277.65 Mb Available in Paging File | 59.53% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 9.71 Gb Free Space | 26.06% Space Free | Partition Type: NTFS
Computer Name: YOUR-BM7ACOQIYX | User Name: Mary Newton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/06/09 21:18:31 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Newton\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2007/10/12 08:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe
PRC - [2007/08/02 13:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/08 17:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/04/30 16:42:36 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2004/04/29 10:18:52 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2004/04/27 09:02:40 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2004/03/04 16:41:08 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/02/12 11:02:38 | 001,019,904 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
PRC - [2004/01/22 17:09:00 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/12/08 17:35:14 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2003/11/13 13:29:40 | 000,455,680 | ---- | M] () -- C:\Program Files\Linksys\Home Wireless-G PC Card\NICServ.exe
PRC - [2003/09/05 03:24:46 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
========== Modules (SafeList) ==========
MOD - [2011/06/09 21:18:31 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Newton\Desktop\OTL.exe
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/01/22 17:08:52 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2007/10/12 08:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\TalkTalk\bin\sprtsvc.exe -- (sprtsvc_TalkTalk) SupportSoft Sprocket Service (TalkTalk)
SRV - [2007/08/02 13:42:16 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/08/02 13:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe -- (tgsrvc_TalkTalk) SupportSoft Repair Service (TalkTalk)
SRV - [2005/07/08 17:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005/01/06 12:41:22 | 000,462,848 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxbycoms.exe -- (lxby_device)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/03/04 16:41:08 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/11/13 13:29:40 | 000,455,680 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Home Wireless-G PC Card\NICServ.exe -- (NICSer_WPC54G)
========== Driver Services (SafeList) ==========
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/06 19:40:55 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010/11/06 19:40:55 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2006/03/26 13:22:14 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006/03/24 17:27:01 | 000,050,176 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006/03/13 10:38:23 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/11/03 15:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/07/28 09:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005/07/08 17:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/07/08 17:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/07/08 15:17:32 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2004/12/08 03:13:38 | 000,265,344 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MRV8335XP.sys -- (W8335XP)
DRV - [2004/09/24 23:36:44 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)
DRV - [2004/08/04 06:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/05/28 11:45:02 | 000,390,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/04/14 14:52:22 | 000,005,632 | R--- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atiide.sys -- (atiide)
DRV - [2004/03/09 20:28:38 | 000,680,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/02/27 01:31:38 | 000,004,224 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2004/02/27 00:50:38 | 000,611,820 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/24 11:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2004/02/20 15:00:44 | 001,265,388 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/05 19:53:00 | 000,068,352 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/12/05 10:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/10/27 13:59:00 | 000,013,842 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2003/07/16 22:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CBTNDIS5.sys -- (CBTNDIS5)
DRV - [2003/02/18 19:02:06 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2003/01/29 14:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/12/10 16:13:22 | 000,007,552 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\tiumflt.sys -- (DevUpper)
DRV - [2002/11/05 16:00:46 | 000,039,424 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2002/09/10 20:42:00 | 000,024,808 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sqcaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [1998/09/25 09:54:28 | 000,052,800 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\HPFECP14.SYS -- (HPFECP14)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Philips Songbird"
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.2.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.8.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1.1667
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.1002
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.19.1667
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2202
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.0.2417
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2200
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2207
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2203
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7.1667
[2011/01/29 16:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Newton\Application Data\Mozilla\Extensions
[2011/01/29 16:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Newton\Application Data\Mozilla\Extensions\[email protected]
[2011/01/29 16:49:21 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\Mary Newton\Application Data\Philips-Songbird\Profiles\8ym8n54h.default\searchplugins\9f079b2e-5f58-4c98-8f25-97093006cff8.xml
[2011/01/31 20:32:43 | 000,000,000 | ---D | M] (Philips Branding) -- C:\DOCUMENTS AND SETTINGS\MARY NEWTON\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\8YM8N54H.DEFAULT\EXTENSIONS\[email protected]
[2011/01/29 16:47:46 | 000,000,000 | ---D | M] (QuickTime Playback) -- C:\DOCUMENTS AND SETTINGS\MARY NEWTON\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\8YM8N54H.DEFAULT\EXTENSIONS\[email protected]
[2011/01/29 16:47:46 | 000,000,000 | ---D | M] (Windows Media Playback) -- C:\DOCUMENTS AND SETTINGS\MARY NEWTON\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\8YM8N54H.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
O1 HOSTS File: ([2003/03/31 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - File not found
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - File not found
O3 - HKLM\..\Toolbar: (Freeserve) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\Program Files\Freeserve\FSBar\FSBar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [LXBYCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.DLL ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\PadTouch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Search with Freeserve - C:\Program Files\Freeserve\FSBar\FSBar.dll ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: tesco.net ([memberservices] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tesco.net ([register] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} https://www.wanadoo....rs/sd0101_5.exe (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} http://www.thephotob...ects/jordan.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8153.2020601852 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: NTLSignup https://register.tes...o/NTLSignup.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\TOSHIBA1024x0768.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\TOSHIBA1024x0768.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/18 07:40:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{50124b39-f58c-11dc-b89a-00a0d1b1f1e3}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O33 - MountPoints2\{b94a5d24-d9dd-11df-bb81-00a0d1b1f1e3}\Shell - "" = Autorun
O33 - MountPoints2\{b94a5d24-d9dd-11df-bb81-00a0d1b1f1e3}\Shell\AutoRun\command - "" = E:\Install_Nokia_Ovi_Suite.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/06/09 21:18:28 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mary Newton\Desktop\OTL.exe
[2011/05/17 19:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Newton\Desktop\ebay may
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/06/09 21:18:31 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Newton\Desktop\OTL.exe
[2011/06/09 21:04:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2011/06/09 21:04:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/09 21:03:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/09 19:02:58 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/08 22:21:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/07 19:36:28 | 001,128,894 | ---- | M] () -- C:\Documents and Settings\Mary Newton\Desktop\07062011670.jpg
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/28 21:40:25 | 007,540,420 | ---- | M] () -- C:\Documents and Settings\Mary Newton\My Documents\BS200S-7-PartsCatalogue[1].pdf
[2011/05/27 19:19:26 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Mary Newton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/18 17:26:22 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/06/07 21:41:42 | 001,128,894 | ---- | C] () -- C:\Documents and Settings\Mary Newton\Desktop\07062011670.jpg
[2011/05/28 21:40:20 | 007,540,420 | ---- | C] () -- C:\Documents and Settings\Mary Newton\My Documents\BS200S-7-PartsCatalogue[1].pdf
[2010/11/24 23:19:53 | 000,468,084 | ---- | C] () -- C:\WINDOWS\cluninst.exe
[2010/11/24 23:18:02 | 000,000,098 | ---- | C] () -- C:\WINDOWS\etkinst.ini
[2010/05/14 15:38:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbyvs.dll
[2008/09/16 20:42:59 | 000,000,750 | ---- | C] () -- C:\WINDOWS\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
[2008/05/23 17:19:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\init.ini
[2008/01/30 09:48:11 | 000,084,019 | ---- | C] () -- C:\WINDOWS\hpfins05.dat.temp
[2008/01/30 09:48:10 | 000,001,547 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat.temp
[2008/01/24 09:18:02 | 000,083,606 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2008/01/24 09:18:02 | 000,001,547 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2007/04/28 20:19:46 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2007/01/06 13:38:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/11/04 07:59:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2006/07/07 23:54:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2006/07/02 16:04:33 | 000,001,935 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/05/27 17:26:01 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/27 14:15:39 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2006/03/16 13:43:50 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2005/09/23 14:59:54 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Mary Newton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/07 10:07:06 | 000,000,268 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2005/04/27 23:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 23:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/02/28 21:30:56 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\jzqxrzsa.dat
[2005/02/18 09:28:26 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2004/12/24 17:20:26 | 000,000,242 | ---- | C] () -- C:\WINDOWS\HPFTBX14.INI
[2004/12/05 13:10:06 | 000,000,903 | ---- | C] () -- C:\WINDOWS\disney.ini
[2004/11/25 19:26:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/11/06 20:21:31 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2004/09/29 20:10:31 | 000,000,203 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2004/06/16 09:28:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/19 12:33:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/05/19 11:07:43 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2004/05/19 11:07:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2004/05/19 11:07:43 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2004/05/19 11:07:43 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2004/05/19 08:09:17 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe
[2004/05/19 08:09:02 | 000,006,757 | ---- | C] () -- C:\WINDOWS\TcdsASC2.ini
[2004/05/18 14:11:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/05/18 12:53:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/05/18 12:53:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/05/18 12:53:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/05/18 12:53:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/05/18 12:53:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/05/18 12:53:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/05/18 12:50:32 | 000,019,607 | ---- | C] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys
[2004/05/18 12:09:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/05/18 12:00:17 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\MousePage.dll
[2004/05/18 12:00:17 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2004/05/18 11:47:42 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/05/18 11:47:40 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/05/18 11:47:39 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/05/18 11:42:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/05/18 11:38:54 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2004/05/18 11:38:54 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\MFCFirstRemove.exe
[2004/05/18 11:38:54 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\RefreshDevice.exe
[2004/05/18 11:17:27 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2004/05/18 11:17:27 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/05/18 08:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/05/18 08:31:04 | 000,313,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/05/18 08:02:37 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/05/18 07:46:29 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/05/18 07:45:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/05/18 07:37:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/05/18 06:27:56 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/05/18 06:27:30 | 000,381,094 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/05/18 06:27:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/05/18 06:27:30 | 000,053,276 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/05/18 06:27:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/05/18 06:27:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/05/18 06:27:28 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/05/18 06:27:26 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/05/18 06:27:22 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/05/18 06:27:21 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/05/18 06:27:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/05/18 06:27:05 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/03/15 18:28:08 | 000,048,865 | ---- | C] () -- C:\WINDOWS\System32\drivers\tiumfw.bin
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1998/09/25 10:42:04 | 000,126,464 | ---- | C] () -- C:\WINDOWS\System32\HPFcfg14.exe
[1998/09/25 10:41:34 | 000,004,404 | ---- | C] () -- C:\WINDOWS\System32\HPFlnk14.ini
[1998/09/25 10:41:32 | 000,119,808 | ---- | C] () -- C:\WINDOWS\System32\HPFlnk14.exe
[1998/09/25 10:39:30 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\HPFtbx14.exe
[1998/09/25 10:36:00 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\HPFhid14.exe
[1998/09/25 10:34:28 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\HPFdat14.dll
[1998/09/25 10:32:22 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\HPFscp14.dll
[1998/09/25 10:21:26 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\HPFhrl14.dll
[1998/09/25 10:21:22 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\HPFsrl14.dll
[1998/09/25 10:21:18 | 000,297,472 | ---- | C] () -- C:\WINDOWS\System32\HPFmrl14.dll
[1998/09/25 10:21:12 | 001,080,320 | ---- | C] () -- C:\WINDOWS\System32\HPFtrl14.dll
[1998/09/25 10:16:28 | 000,194,048 | ---- | C] () -- C:\WINDOWS\System32\HPFcps14.dll
[1998/09/25 10:16:00 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\HPF24r14.dll
[1998/09/25 10:14:48 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\HPFtst14.dll
[1998/09/25 10:07:30 | 000,395,264 | ---- | C] () -- C:\WINDOWS\System32\HPFui14.dll
[1998/09/25 10:02:00 | 000,187,904 | ---- | C] () -- C:\WINDOWS\System32\HPFwin14.dll
[1998/09/25 09:58:46 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\HPFmon14.dll
[1998/09/25 09:58:08 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\HPFcbl14.dll
[1998/09/25 09:56:00 | 000,033,384 | ---- | C] () -- C:\WINDOWS\System32\HPFiop14.dll
[1998/09/25 09:55:48 | 000,069,284 | ---- | C] () -- C:\WINDOWS\System32\HPFpml14.dll
[1998/09/25 09:55:42 | 000,137,232 | ---- | C] () -- C:\WINDOWS\System32\HPFmlc14.dll
[1998/09/25 09:55:36 | 000,057,240 | ---- | C] () -- C:\WINDOWS\System32\HPFmem14.dll
[1998/09/25 09:55:30 | 000,048,292 | ---- | C] () -- C:\WINDOWS\System32\HPFlpm14.dll
[1998/09/25 09:55:20 | 000,072,368 | ---- | C] () -- C:\WINDOWS\System32\HPFcom14.dll
[1998/09/25 09:54:28 | 000,052,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\HPFecp14.sys
[1998/09/25 09:53:40 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\HPFrsu14.dll
[1998/09/25 09:53:10 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\HPFrsa14.dll
[1998/09/25 09:48:44 | 001,777,664 | ---- | C] () -- C:\WINDOWS\System32\HPFimg14.dll
[1998/09/25 09:45:34 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\HPFcnt14.dll
[1998/01/12 09:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
< End of report >
OTL Extras logfile created on: 09/06/2011 21:22:15 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Mary Newton\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
191.48 Mb Total Physical Memory | 107.51 Mb Available Physical Memory | 56.15% Memory free
466.43 Mb Paging File | 277.65 Mb Available in Paging File | 59.53% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 9.71 Gb Free Space | 26.06% Space Free | Partition Type: NTFS
Computer Name: YOUR-BM7ACOQIYX | User Name: Mary Newton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater
"C:\Program Files\Linksys\Home Wireless-G PC Card\Gcc.exe" = C:\Program Files\Linksys\Home Wireless-G PC Card\Gcc.exe:*:Enabled:Home Wireless-G PC Card -- ()
"C:\Program Files\TOSHIBA\Windows Utilities\TACSPROP.exe" = C:\Program Files\TOSHIBA\Windows Utilities\TACSPROP.exe:*:Enabled:Accessibility -- (TOSHIBA)
"C:\Program Files\TalkTalk\agent\bin\bcont.exe" = C:\Program Files\TalkTalk\agent\bin\bcont.exe:*:Enabled:bcont.exe -- (SupportSoft, Inc.)
"C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe" = C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe:*:Enabled:tgsrvc.exe -- (SupportSoft, Inc.)
"C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe" = C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe -- (SupportSoft, Inc.)
"C:\Program Files\TalkTalk\bin\sprtcmd.exe" = C:\Program Files\TalkTalk\bin\sprtcmd.exe:*:Enabled:sprtcmd.exe -- (SupportSoft, Inc.)
"C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe" = C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe:*:Enabled:Search for Wireless Devices -- (TOSHIBA)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
"C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe" = C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{044146E4-A924-458A-9948-4B9C7C7D9321}" = LightScribe 1.4.31.1
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}" = TOSHIBA Manuals
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 24
"{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}" = Home Wireless-G PC Card
"{3470FBE6-B743-420F-B5CE-0D27FA749C16}" = Touch and Launch
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{79546A5F-AE7C-4693-8670-A3401B43ABD2}" = HP Deskjet 5900 series
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for Toshiba
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A5222E5A-13CB-4C98-9F5C-21CF6896A25C}" = HPDeskjet5900Series
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7646-A00000000001}" = Adobe Reader 6.0.1
"{AE2310DC-B261-4D84-BE03-BD318EB41B78}" = PCI1620 Ultramedia Controller
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D084B1A9-153B-409D-AEBF-C40FCEF925EA}" = TalkTalk Assist & Go
"{D67B1C57-0E05-4F8C-9011-1C8BAE293782}" = Samsung PC Studio
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.3 SP1
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"ETKA" = ETKA
"HP DeskJet 720C Series" = HP DeskJet 720C Series (Remove only)
"HTMLKit_is1" = HTML-Kit
"ie8" = Windows Internet Explorer 8 Release Candidate 1
"InCD!UninstallKey" = InCD
"InstallShield_{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.1
"InstallShield_{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"InstallShield_{AE2310DC-B261-4D84-BE03-BD318EB41B78}" = PCI 1620 Cardbus Controller and Software
"InterActual Player" = InterActual Player
"Lexmark P910 Series" = Lexmark P910 Series
"Lexmark Z600 Series" = Lexmark Z600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MicroDialler" = Wanadoo Connection Kit v1.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Nero - Burning Rom!UninstallKey" = Nero OEM
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"PCFriendly" = PCFriendly
"Power Saver" = TOSHIBA Power Saver
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tesco Photobook Creator_is1" = Tesco Photobook Creator
"Tesconet" = Tesco internet access dialler
"TOSHIBA Hotkey Utility for Display Devices" = TOSHIBA Hotkey Utility for Display Devices
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TOSHIBA Utilities" = TOSHIBA Utilities
"Update Engine" = Sony Ericsson Update Engine
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"Wise PC Engineer_is1" = Wise PC Engineer 6.3.3
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 04/05/2011 17:52:16 | Computer Name = YOUR-BM7ACOQIYX | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18372, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 15/05/2011 12:10:36 | Computer Name = YOUR-BM7ACOQIYX | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18372, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 19/05/2011 18:03:16 | Computer Name = YOUR-BM7ACOQIYX | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18372, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 20/05/2011 13:59:51 | Computer Name = YOUR-BM7ACOQIYX | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18372, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 02/06/2011 13:42:01 | Computer Name = YOUR-BM7ACOQIYX | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18372, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 02/06/2011 15:26:06 | Computer Name = YOUR-BM7ACOQIYX | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18372, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 07/06/2011 13:29:39 | Computer Name = YOUR-BM7ACOQIYX | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18372, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 07/06/2011 13:57:25 | Computer Name = YOUR-BM7ACOQIYX | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.0.1074, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 07/06/2011 13:57:25 | Computer Name = YOUR-BM7ACOQIYX | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.0.1074, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 07/06/2011 13:57:25 | Computer Name = YOUR-BM7ACOQIYX | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.0.1074, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 11/05/2011 11:26:36 | Computer Name = YOUR-BM7ACOQIYX | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 11/05/2011 11:26:36 | Computer Name = YOUR-BM7ACOQIYX | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 19/05/2011 01:59:46 | Computer Name = YOUR-BM7ACOQIYX | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.
Error - 19/05/2011 02:00:08 | Computer Name = YOUR-BM7ACOQIYX | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053
Error - 23/05/2011 18:22:02 | Computer Name = YOUR-BM7ACOQIYX | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.
Error - 23/05/2011 18:22:43 | Computer Name = YOUR-BM7ACOQIYX | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053
Error - 24/05/2011 14:36:43 | Computer Name = YOUR-BM7ACOQIYX | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.
Error - 24/05/2011 14:36:43 | Computer Name = YOUR-BM7ACOQIYX | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053
Error - 08/06/2011 17:27:53 | Computer Name = YOUR-BM7ACOQIYX | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460
Error - 08/06/2011 17:28:17 | Computer Name = YOUR-BM7ACOQIYX | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).
< End of report >