
win antivirus snail pace laptop



#1
hoopdub2

Hi there PC gods, I wonder if I could have some of your vast knowledge please.

I recently have had emails from friends via Hotmail that have led me to a site that looks like an official Microsoft antivirus site, telling me my laptop is infected and it's running a scan. I'm unable to shut down the page and have to use Ctrl+Alt+Del to do so.

Since then I have noticed my laptop being very, very slow. Also, Malwarebytes runs and finds nothing, but then will not shut down after a scan (not responding). This is happening to a lot of programs: they run slow, then freeze, and I'm unable to shut down.

Also, sometimes while browsing the web my speed seems to be OK, but it will gradually slow down and then become unusable.

Here's the OTL log.

Thanks in advance, guys n gals.

OTL logfile created on: 09/06/2011 21:22:14 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Mary Newton\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

191.48 Mb Total Physical Memory | 107.51 Mb Available Physical Memory | 56.15% Memory free
466.43 Mb Paging File | 277.65 Mb Available in Paging File | 59.53% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 9.71 Gb Free Space | 26.06% Space Free | Partition Type: NTFS

Computer Name: YOUR-BM7ACOQIYX | User Name: Mary Newton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/09 21:18:31 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Newton\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2007/10/12 08:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe
PRC - [2007/08/02 13:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/08 17:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/04/30 16:42:36 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2004/04/29 10:18:52 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2004/04/27 09:02:40 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2004/03/04 16:41:08 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/02/12 11:02:38 | 001,019,904 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
PRC - [2004/01/22 17:09:00 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/12/08 17:35:14 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2003/11/13 13:29:40 | 000,455,680 | ---- | M] () -- C:\Program Files\Linksys\Home Wireless-G PC Card\NICServ.exe
PRC - [2003/09/05 03:24:46 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe


========== Modules (SafeList) ==========

MOD - [2011/06/09 21:18:31 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Newton\Desktop\OTL.exe
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/01/22 17:08:52 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2007/10/12 08:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\TalkTalk\bin\sprtsvc.exe -- (sprtsvc_TalkTalk) SupportSoft Sprocket Service (TalkTalk)
SRV - [2007/08/02 13:42:16 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/08/02 13:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe -- (tgsrvc_TalkTalk) SupportSoft Repair Service (TalkTalk)
SRV - [2005/07/08 17:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005/01/06 12:41:22 | 000,462,848 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxbycoms.exe -- (lxby_device)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/03/04 16:41:08 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/11/13 13:29:40 | 000,455,680 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Home Wireless-G PC Card\NICServ.exe -- (NICSer_WPC54G)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/06 19:40:55 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010/11/06 19:40:55 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2006/03/26 13:22:14 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006/03/24 17:27:01 | 000,050,176 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006/03/13 10:38:23 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/11/03 15:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/07/28 09:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005/07/08 17:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/07/08 17:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/07/08 15:17:32 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2004/12/08 03:13:38 | 000,265,344 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MRV8335XP.sys -- (W8335XP)
DRV - [2004/09/24 23:36:44 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)
DRV - [2004/08/04 06:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/05/28 11:45:02 | 000,390,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/04/14 14:52:22 | 000,005,632 | R--- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atiide.sys -- (atiide)
DRV - [2004/03/09 20:28:38 | 000,680,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/02/27 01:31:38 | 000,004,224 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2004/02/27 00:50:38 | 000,611,820 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/24 11:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2004/02/20 15:00:44 | 001,265,388 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/05 19:53:00 | 000,068,352 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/12/05 10:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/10/27 13:59:00 | 000,013,842 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2003/07/16 22:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CBTNDIS5.sys -- (CBTNDIS5)
DRV - [2003/02/18 19:02:06 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2003/01/29 14:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/12/10 16:13:22 | 000,007,552 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\tiumflt.sys -- (DevUpper)
DRV - [2002/11/05 16:00:46 | 000,039,424 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2002/09/10 20:42:00 | 000,024,808 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sqcaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [1998/09/25 09:54:28 | 000,052,800 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\HPFECP14.SYS -- (HPFECP14)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Philips Songbird"
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.2.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.8.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1.1667
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.1002
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.19.1667
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2202
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.0.2417
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2200
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2207
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2203
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7.1667


[2011/01/29 16:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Newton\Application Data\Mozilla\Extensions
[2011/01/29 16:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Newton\Application Data\Mozilla\Extensions\[email protected]
[2011/01/29 16:49:21 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\Mary Newton\Application Data\Philips-Songbird\Profiles\8ym8n54h.default\searchplugins\9f079b2e-5f58-4c98-8f25-97093006cff8.xml
[2011/01/31 20:32:43 | 000,000,000 | ---D | M] (Philips Branding) -- C:\DOCUMENTS AND SETTINGS\MARY NEWTON\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\8YM8N54H.DEFAULT\EXTENSIONS\[email protected]
[2011/01/29 16:47:46 | 000,000,000 | ---D | M] (QuickTime Playback) -- C:\DOCUMENTS AND SETTINGS\MARY NEWTON\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\8YM8N54H.DEFAULT\EXTENSIONS\[email protected]
[2011/01/29 16:47:46 | 000,000,000 | ---D | M] (Windows Media Playback) -- C:\DOCUMENTS AND SETTINGS\MARY NEWTON\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\8YM8N54H.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]

O1 HOSTS File: ([2003/03/31 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - File not found
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - File not found
O3 - HKLM\..\Toolbar: (Freeserve) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\Program Files\Freeserve\FSBar\FSBar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [LXBYCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.DLL ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\PadTouch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Search with Freeserve - C:\Program Files\Freeserve\FSBar\FSBar.dll ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: tesco.net ([memberservices] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tesco.net ([register] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} https://www.wanadoo....rs/sd0101_5.exe (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} http://www.thephotob...ects/jordan.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8153.2020601852 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: NTLSignup https://register.tes...o/NTLSignup.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\TOSHIBA1024x0768.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\TOSHIBA1024x0768.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/18 07:40:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{50124b39-f58c-11dc-b89a-00a0d1b1f1e3}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O33 - MountPoints2\{b94a5d24-d9dd-11df-bb81-00a0d1b1f1e3}\Shell - "" = Autorun
O33 - MountPoints2\{b94a5d24-d9dd-11df-bb81-00a0d1b1f1e3}\Shell\AutoRun\command - "" = E:\Install_Nokia_Ovi_Suite.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/09 21:18:28 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mary Newton\Desktop\OTL.exe
[2011/05/17 19:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Newton\Desktop\ebay may
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/09 21:18:31 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Newton\Desktop\OTL.exe
[2011/06/09 21:04:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2011/06/09 21:04:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/09 21:03:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/09 19:02:58 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/08 22:21:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/07 19:36:28 | 001,128,894 | ---- | M] () -- C:\Documents and Settings\Mary Newton\Desktop\07062011670.jpg
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/28 21:40:25 | 007,540,420 | ---- | M] () -- C:\Documents and Settings\Mary Newton\My Documents\BS200S-7-PartsCatalogue[1].pdf
[2011/05/27 19:19:26 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Mary Newton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/18 17:26:22 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/07 21:41:42 | 001,128,894 | ---- | C] () -- C:\Documents and Settings\Mary Newton\Desktop\07062011670.jpg
[2011/05/28 21:40:20 | 007,540,420 | ---- | C] () -- C:\Documents and Settings\Mary Newton\My Documents\BS200S-7-PartsCatalogue[1].pdf
[2010/11/24 23:19:53 | 000,468,084 | ---- | C] () -- C:\WINDOWS\cluninst.exe
[2010/11/24 23:18:02 | 000,000,098 | ---- | C] () -- C:\WINDOWS\etkinst.ini
[2010/05/14 15:38:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbyvs.dll
[2008/09/16 20:42:59 | 000,000,750 | ---- | C] () -- C:\WINDOWS\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
[2008/05/23 17:19:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\init.ini
[2008/01/30 09:48:11 | 000,084,019 | ---- | C] () -- C:\WINDOWS\hpfins05.dat.temp
[2008/01/30 09:48:10 | 000,001,547 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat.temp
[2008/01/24 09:18:02 | 000,083,606 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2008/01/24 09:18:02 | 000,001,547 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2007/04/28 20:19:46 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2007/01/06 13:38:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/11/04 07:59:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2006/07/07 23:54:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2006/07/02 16:04:33 | 000,001,935 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/05/27 17:26:01 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/27 14:15:39 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2006/03/16 13:43:50 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2005/09/23 14:59:54 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Mary Newton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/07 10:07:06 | 000,000,268 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2005/04/27 23:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 23:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/02/28 21:30:56 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\jzqxrzsa.dat
[2005/02/18 09:28:26 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2004/12/24 17:20:26 | 000,000,242 | ---- | C] () -- C:\WINDOWS\HPFTBX14.INI
[2004/12/05 13:10:06 | 000,000,903 | ---- | C] () -- C:\WINDOWS\disney.ini
[2004/11/25 19:26:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/11/06 20:21:31 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2004/09/29 20:10:31 | 000,000,203 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2004/06/16 09:28:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/19 12:33:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/05/19 11:07:43 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2004/05/19 11:07:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2004/05/19 11:07:43 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2004/05/19 11:07:43 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2004/05/19 08:09:17 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe
[2004/05/19 08:09:02 | 000,006,757 | ---- | C] () -- C:\WINDOWS\TcdsASC2.ini
[2004/05/18 14:11:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/05/18 12:53:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/05/18 12:53:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/05/18 12:53:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/05/18 12:53:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/05/18 12:53:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/05/18 12:53:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/05/18 12:50:32 | 000,019,607 | ---- | C] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys
[2004/05/18 12:09:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/05/18 12:00:17 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\MousePage.dll
[2004/05/18 12:00:17 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2004/05/18 11:47:42 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/05/18 11:47:40 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/05/18 11:47:39 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/05/18 11:42:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/05/18 11:38:54 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2004/05/18 11:38:54 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\MFCFirstRemove.exe
[2004/05/18 11:38:54 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\RefreshDevice.exe
[2004/05/18 11:17:27 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2004/05/18 11:17:27 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/05/18 08:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/05/18 08:31:04 | 000,313,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/05/18 08:02:37 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/05/18 07:46:29 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/05/18 07:45:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/05/18 07:37:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/05/18 06:27:56 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/05/18 06:27:30 | 000,381,094 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/05/18 06:27:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/05/18 06:27:30 | 000,053,276 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/05/18 06:27:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/05/18 06:27:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/05/18 06:27:28 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/05/18 06:27:26 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/05/18 06:27:22 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/05/18 06:27:21 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/05/18 06:27:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/05/18 06:27:05 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/03/15 18:28:08 | 000,048,865 | ---- | C] () -- C:\WINDOWS\System32\drivers\tiumfw.bin
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1998/09/25 10:42:04 | 000,126,464 | ---- | C] () -- C:\WINDOWS\System32\HPFcfg14.exe
[1998/09/25 10:41:34 | 000,004,404 | ---- | C] () -- C:\WINDOWS\System32\HPFlnk14.ini
[1998/09/25 10:41:32 | 000,119,808 | ---- | C] () -- C:\WINDOWS\System32\HPFlnk14.exe
[1998/09/25 10:39:30 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\HPFtbx14.exe
[1998/09/25 10:36:00 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\HPFhid14.exe
[1998/09/25 10:34:28 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\HPFdat14.dll
[1998/09/25 10:32:22 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\HPFscp14.dll
[1998/09/25 10:21:26 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\HPFhrl14.dll
[1998/09/25 10:21:22 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\HPFsrl14.dll
[1998/09/25 10:21:18 | 000,297,472 | ---- | C] () -- C:\WINDOWS\System32\HPFmrl14.dll
[1998/09/25 10:21:12 | 001,080,320 | ---- | C] () -- C:\WINDOWS\System32\HPFtrl14.dll
[1998/09/25 10:16:28 | 000,194,048 | ---- | C] () -- C:\WINDOWS\System32\HPFcps14.dll
[1998/09/25 10:16:00 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\HPF24r14.dll
[1998/09/25 10:14:48 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\HPFtst14.dll
[1998/09/25 10:07:30 | 000,395,264 | ---- | C] () -- C:\WINDOWS\System32\HPFui14.dll
[1998/09/25 10:02:00 | 000,187,904 | ---- | C] () -- C:\WINDOWS\System32\HPFwin14.dll
[1998/09/25 09:58:46 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\HPFmon14.dll
[1998/09/25 09:58:08 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\HPFcbl14.dll
[1998/09/25 09:56:00 | 000,033,384 | ---- | C] () -- C:\WINDOWS\System32\HPFiop14.dll
[1998/09/25 09:55:48 | 000,069,284 | ---- | C] () -- C:\WINDOWS\System32\HPFpml14.dll
[1998/09/25 09:55:42 | 000,137,232 | ---- | C] () -- C:\WINDOWS\System32\HPFmlc14.dll
[1998/09/25 09:55:36 | 000,057,240 | ---- | C] () -- C:\WINDOWS\System32\HPFmem14.dll
[1998/09/25 09:55:30 | 000,048,292 | ---- | C] () -- C:\WINDOWS\System32\HPFlpm14.dll
[1998/09/25 09:55:20 | 000,072,368 | ---- | C] () -- C:\WINDOWS\System32\HPFcom14.dll
[1998/09/25 09:54:28 | 000,052,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\HPFecp14.sys
[1998/09/25 09:53:40 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\HPFrsu14.dll
[1998/09/25 09:53:10 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\HPFrsa14.dll
[1998/09/25 09:48:44 | 001,777,664 | ---- | C] () -- C:\WINDOWS\System32\HPFimg14.dll
[1998/09/25 09:45:34 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\HPFcnt14.dll
[1998/01/12 09:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

< End of report >


OTL Extras logfile created on: 09/06/2011 21:22:15 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Mary Newton\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

191.48 Mb Total Physical Memory | 107.51 Mb Available Physical Memory | 56.15% Memory free
466.43 Mb Paging File | 277.65 Mb Available in Paging File | 59.53% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 9.71 Gb Free Space | 26.06% Space Free | Partition Type: NTFS

Computer Name: YOUR-BM7ACOQIYX | User Name: Mary Newton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater
"C:\Program Files\Linksys\Home Wireless-G PC Card\Gcc.exe" = C:\Program Files\Linksys\Home Wireless-G PC Card\Gcc.exe:*:Enabled:Home Wireless-G PC Card -- ()
"C:\Program Files\TOSHIBA\Windows Utilities\TACSPROP.exe" = C:\Program Files\TOSHIBA\Windows Utilities\TACSPROP.exe:*:Enabled:Accessibility -- (TOSHIBA)
"C:\Program Files\TalkTalk\agent\bin\bcont.exe" = C:\Program Files\TalkTalk\agent\bin\bcont.exe:*:Enabled:bcont.exe -- (SupportSoft, Inc.)
"C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe" = C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe:*:Enabled:tgsrvc.exe -- (SupportSoft, Inc.)
"C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe" = C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe -- (SupportSoft, Inc.)
"C:\Program Files\TalkTalk\bin\sprtcmd.exe" = C:\Program Files\TalkTalk\bin\sprtcmd.exe:*:Enabled:sprtcmd.exe -- (SupportSoft, Inc.)
"C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe" = C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe:*:Enabled:Search for Wireless Devices -- (TOSHIBA)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
"C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe" = C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{044146E4-A924-458A-9948-4B9C7C7D9321}" = LightScribe 1.4.31.1
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}" = TOSHIBA Manuals
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}" = Home Wireless-G PC Card
"{3470FBE6-B743-420F-B5CE-0D27FA749C16}" = Touch and Launch
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{79546A5F-AE7C-4693-8670-A3401B43ABD2}" = HP Deskjet 5900 series
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for Toshiba
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A5222E5A-13CB-4C98-9F5C-21CF6896A25C}" = HPDeskjet5900Series
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7646-A00000000001}" = Adobe Reader 6.0.1
"{AE2310DC-B261-4D84-BE03-BD318EB41B78}" = PCI1620 Ultramedia Controller
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D084B1A9-153B-409D-AEBF-C40FCEF925EA}" = TalkTalk Assist & Go
"{D67B1C57-0E05-4F8C-9011-1C8BAE293782}" = Samsung PC Studio
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.3 SP1
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"ETKA" = ETKA
"HP DeskJet 720C Series" = HP DeskJet 720C Series (Remove only)
"HTMLKit_is1" = HTML-Kit
"ie8" = Windows Internet Explorer 8 Release Candidate 1
"InCD!UninstallKey" = InCD
"InstallShield_{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.1
"InstallShield_{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"InstallShield_{AE2310DC-B261-4D84-BE03-BD318EB41B78}" = PCI 1620 Cardbus Controller and Software
"InterActual Player" = InterActual Player
"Lexmark P910 Series" = Lexmark P910 Series
"Lexmark Z600 Series" = Lexmark Z600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MicroDialler" = Wanadoo Connection Kit v1.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Nero - Burning Rom!UninstallKey" = Nero OEM
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"PCFriendly" = PCFriendly
"Power Saver" = TOSHIBA Power Saver
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tesco Photobook Creator_is1" = Tesco Photobook Creator
"Tesconet" = Tesco internet access dialler
"TOSHIBA Hotkey Utility for Display Devices" = TOSHIBA Hotkey Utility for Display Devices
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TOSHIBA Utilities" = TOSHIBA Utilities
"Update Engine" = Sony Ericsson Update Engine
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"Wise PC Engineer_is1" = Wise PC Engineer 6.3.3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/05/2011 17:52:16 | Computer Name = YOUR-BM7ACOQIYX | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18372, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/05/2011 12:10:36 | Computer Name = YOUR-BM7ACOQIYX | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18372, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 19/05/2011 18:03:16 | Computer Name = YOUR-BM7ACOQIYX | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18372, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 20/05/2011 13:59:51 | Computer Name = YOUR-BM7ACOQIYX | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18372, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 02/06/2011 13:42:01 | Computer Name = YOUR-BM7ACOQIYX | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18372, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 02/06/2011 15:26:06 | Computer Name = YOUR-BM7ACOQIYX | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18372, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 07/06/2011 13:29:39 | Computer Name = YOUR-BM7ACOQIYX | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18372, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 07/06/2011 13:57:25 | Computer Name = YOUR-BM7ACOQIYX | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.0.1074, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 07/06/2011 13:57:25 | Computer Name = YOUR-BM7ACOQIYX | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.0.1074, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 07/06/2011 13:57:25 | Computer Name = YOUR-BM7ACOQIYX | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.0.1074, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/05/2011 11:26:36 | Computer Name = YOUR-BM7ACOQIYX | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/05/2011 11:26:36 | Computer Name = YOUR-BM7ACOQIYX | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 19/05/2011 01:59:46 | Computer Name = YOUR-BM7ACOQIYX | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 19/05/2011 02:00:08 | Computer Name = YOUR-BM7ACOQIYX | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 23/05/2011 18:22:02 | Computer Name = YOUR-BM7ACOQIYX | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 23/05/2011 18:22:43 | Computer Name = YOUR-BM7ACOQIYX | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 24/05/2011 14:36:43 | Computer Name = YOUR-BM7ACOQIYX | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 24/05/2011 14:36:43 | Computer Name = YOUR-BM7ACOQIYX | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 08/06/2011 17:27:53 | Computer Name = YOUR-BM7ACOQIYX | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 08/06/2011 17:28:17 | Computer Name = YOUR-BM7ACOQIYX | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).


< End of report >


#2
havredave

  • GeekU Moderator
  • 1,711 posts
Hi, welcome to GeeksToGo! I'm havredave, and I'll do my best to help you fix whatever it is that ails your computer.

Just a few things before we begin, to ease the process on both of us:
  • Please don't run any scanning or cleaning software without my direction, as it can make things worse and take longer in the long run.
  • Please be patient. A good cleaning can take quite a while, and usually involves many steps before it is complete. I may not post back quickly, because I often have to research issues or run ideas by my peers for a more thorough fix. Also, I'm currently still in training, so there may be a longer than normal pause between my posts as I get expert feedback and permission to post each fix.
  • You may wish to print out each instruction post in case you lose Internet connectivity (using safe mode, for example), so you can complete the fix.
  • If you have any question on any step, or if something doesn't work as described, please stop and ask before we proceed. Better safe than sorry!
  • Please paste your logs into your replies instead of attaching them. This makes it far easier to review. Feel free to use multiple replies if you need to.
  • Please stick with me until I let you know we're finished. Even if the machine is running better, it doesn't mean it's clean.

If you would, please get me a fresh OTL scan, as follows. Please DO get a fresh copy of OTL, as there is a new release since your last scan:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Copy the text from the following codebox, and paste it into the "Custom Scans" box in OTL.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    volsnap.sys
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window with OTL.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it in your topic.


#3
hoopdub2

  • Topic Starter
  • Member
  • 74 posts
Thanks for replying. I downloaded OTL again, but it seems to be the same version. Anyway, I ran the scan as you instructed; here's the log. Thanks again.

OTL logfile created on: 15/06/2011 21:36:38 - Run 2
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Mary Newton\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

191.48 Mb Total Physical Memory | 19.13 Mb Available Physical Memory | 9.99% Memory free
627.94 Mb Paging File | 75.29 Mb Available in Paging File | 11.99% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 10.15 Gb Free Space | 27.24% Space Free | Partition Type: NTFS

Computer Name: YOUR-BM7ACOQIYX | User Name: Mary Newton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/15 21:29:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Newton\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2007/10/12 08:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe
PRC - [2007/08/02 13:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/08 17:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/04/30 16:42:36 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2004/04/29 10:18:52 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2004/04/27 09:02:40 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2004/03/04 16:41:08 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/02/12 11:02:38 | 001,019,904 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
PRC - [2004/01/22 17:09:00 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/12/08 17:35:14 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2003/11/13 13:29:40 | 000,455,680 | ---- | M] () -- C:\Program Files\Linksys\Home Wireless-G PC Card\NICServ.exe
PRC - [2003/09/05 03:24:46 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe


========== Modules (SafeList) ==========

MOD - [2011/06/15 21:29:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Newton\Desktop\OTL.exe
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/01/22 17:08:52 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2007/10/12 08:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\TalkTalk\bin\sprtsvc.exe -- (sprtsvc_TalkTalk) SupportSoft Sprocket Service (TalkTalk)
SRV - [2007/08/02 13:42:16 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/08/02 13:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe -- (tgsrvc_TalkTalk) SupportSoft Repair Service (TalkTalk)
SRV - [2005/07/08 17:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005/01/06 12:41:22 | 000,462,848 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxbycoms.exe -- (lxby_device)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/03/04 16:41:08 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/11/13 13:29:40 | 000,455,680 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Home Wireless-G PC Card\NICServ.exe -- (NICSer_WPC54G)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/06 19:40:55 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010/11/06 19:40:55 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2006/03/26 13:22:14 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006/03/24 17:27:01 | 000,050,176 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006/03/13 10:38:23 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/11/03 15:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/07/28 09:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005/07/08 17:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/07/08 17:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/07/08 15:17:32 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2004/12/08 03:13:38 | 000,265,344 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MRV8335XP.sys -- (W8335XP)
DRV - [2004/09/24 23:36:44 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)
DRV - [2004/08/04 06:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/05/28 11:45:02 | 000,390,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/04/14 14:52:22 | 000,005,632 | R--- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atiide.sys -- (atiide)
DRV - [2004/03/09 20:28:38 | 000,680,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/02/27 01:31:38 | 000,004,224 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2004/02/27 00:50:38 | 000,611,820 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/24 11:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2004/02/20 15:00:44 | 001,265,388 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/05 19:53:00 | 000,068,352 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/12/05 10:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/10/27 13:59:00 | 000,013,842 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2003/07/16 22:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CBTNDIS5.sys -- (CBTNDIS5)
DRV - [2003/02/18 19:02:06 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2003/01/29 14:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/12/10 16:13:22 | 000,007,552 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\tiumflt.sys -- (DevUpper)
DRV - [2002/11/05 16:00:46 | 000,039,424 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2002/09/10 20:42:00 | 000,024,808 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sqcaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [1998/09/25 09:54:28 | 000,052,800 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\HPFECP14.SYS -- (HPFECP14)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Philips Songbird"
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.2.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.8.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1.1667
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.1002
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.19.1667
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2202
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.0.2417
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2200
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2207
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.0.2203
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7.1667
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7.1667


[2011/01/29 16:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Newton\Application Data\Mozilla\Extensions
[2011/01/29 16:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Newton\Application Data\Mozilla\Extensions\[email protected]
[2011/01/29 16:49:21 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\Mary Newton\Application Data\Philips-Songbird\Profiles\8ym8n54h.default\searchplugins\9f079b2e-5f58-4c98-8f25-97093006cff8.xml
[2011/01/31 20:32:43 | 000,000,000 | ---D | M] (Philips Branding) -- C:\DOCUMENTS AND SETTINGS\MARY NEWTON\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\8YM8N54H.DEFAULT\EXTENSIONS\[email protected]
[2011/01/29 16:47:46 | 000,000,000 | ---D | M] (QuickTime Playback) -- C:\DOCUMENTS AND SETTINGS\MARY NEWTON\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\8YM8N54H.DEFAULT\EXTENSIONS\[email protected]
[2011/01/29 16:47:46 | 000,000,000 | ---D | M] (Windows Media Playback) -- C:\DOCUMENTS AND SETTINGS\MARY NEWTON\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\8YM8N54H.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\[email protected]

O1 HOSTS File: ([2003/03/31 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - File not found
O3 - HKLM\..\Toolbar: (Freeserve) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\Program Files\Freeserve\FSBar\FSBar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [LXBYCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.DLL ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\PadTouch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Search with Freeserve - C:\Program Files\Freeserve\FSBar\FSBar.dll ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: tesco.net ([memberservices] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tesco.net ([register] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} https://www.wanadoo....rs/sd0101_5.exe (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} http://www.thephotob...ects/jordan.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8153.2020601852 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: NTLSignup https://register.tes...o/NTLSignup.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\TOSHIBA1024x0768.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\TOSHIBA1024x0768.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/18 07:40:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3017a119-92d7-11e0-bf0f-00a0d1b1f1e3}\Shell - "" = AutoRun
O33 - MountPoints2\{3017a119-92d7-11e0-bf0f-00a0d1b1f1e3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3017a119-92d7-11e0-bf0f-00a0d1b1f1e3}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{50124b39-f58c-11dc-b89a-00a0d1b1f1e3}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O33 - MountPoints2\{b94a5d24-d9dd-11df-bb81-00a0d1b1f1e3}\Shell - "" = Autorun
O33 - MountPoints2\{b94a5d24-d9dd-11df-bb81-00a0d1b1f1e3}\Shell\AutoRun\command - "" = E:\Install_Nokia_Ovi_Suite.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/12 20:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Newton\Tracing
[2011/06/12 20:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/06/12 20:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2011/06/12 20:00:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2011/06/12 19:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/06/12 19:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/06/12 16:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Media Go Install
[2011/06/09 21:18:28 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mary Newton\Desktop\OTL.exe
[2011/05/17 19:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Newton\Desktop\ebay may
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/15 21:29:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Newton\Desktop\OTL.exe
[2011/06/15 21:02:12 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/15 20:54:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/15 20:54:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2011/06/15 20:53:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/12 22:21:36 | 000,317,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/12 16:06:24 | 000,161,275 | ---- | M] () -- C:\Documents and Settings\Mary Newton\Desktop\img_9209.jpg
[2011/06/12 09:45:35 | 000,004,409 | ---- | M] () -- C:\Documents and Settings\Mary Newton\Desktop\TT Logo.jpg
[2011/06/12 09:42:05 | 000,007,540 | ---- | M] () -- C:\Documents and Settings\Mary Newton\Desktop\Take That.jpg
[2011/06/08 22:21:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/07 19:36:28 | 001,128,894 | ---- | M] () -- C:\Documents and Settings\Mary Newton\Desktop\07062011670.jpg
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/28 21:40:25 | 007,540,420 | ---- | M] () -- C:\Documents and Settings\Mary Newton\My Documents\BS200S-7-PartsCatalogue[1].pdf
[2011/05/27 19:19:26 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Mary Newton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/18 17:26:22 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/12 17:26:38 | 000,161,275 | ---- | C] () -- C:\Documents and Settings\Mary Newton\Desktop\img_9209.jpg
[2011/06/12 09:47:35 | 000,007,540 | ---- | C] () -- C:\Documents and Settings\Mary Newton\Desktop\Take That.jpg
[2011/06/12 09:46:05 | 000,004,409 | ---- | C] () -- C:\Documents and Settings\Mary Newton\Desktop\TT Logo.jpg
[2011/06/07 21:41:42 | 001,128,894 | ---- | C] () -- C:\Documents and Settings\Mary Newton\Desktop\07062011670.jpg
[2011/05/28 21:40:20 | 007,540,420 | ---- | C] () -- C:\Documents and Settings\Mary Newton\My Documents\BS200S-7-PartsCatalogue[1].pdf
[2010/11/24 23:19:53 | 000,468,084 | ---- | C] () -- C:\WINDOWS\cluninst.exe
[2010/11/24 23:18:02 | 000,000,098 | ---- | C] () -- C:\WINDOWS\etkinst.ini
[2010/05/14 15:38:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbyvs.dll
[2008/05/23 17:19:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\init.ini
[2008/01/30 09:48:11 | 000,084,019 | ---- | C] () -- C:\WINDOWS\hpfins05.dat.temp
[2008/01/30 09:48:10 | 000,001,547 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat.temp
[2008/01/24 09:18:02 | 000,083,606 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2008/01/24 09:18:02 | 000,001,547 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2007/04/28 20:19:46 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2007/01/06 13:38:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/11/04 07:59:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2006/07/07 23:54:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2006/07/02 16:04:33 | 000,001,935 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/05/27 17:26:01 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/27 14:15:39 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2006/03/16 13:43:50 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2005/09/23 14:59:54 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Mary Newton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/07 10:07:06 | 000,000,268 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2005/04/27 23:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 23:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/02/28 21:30:56 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\jzqxrzsa.dat
[2005/02/18 09:28:26 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2004/12/24 17:20:26 | 000,000,242 | ---- | C] () -- C:\WINDOWS\HPFTBX14.INI
[2004/12/05 13:10:06 | 000,000,903 | ---- | C] () -- C:\WINDOWS\disney.ini
[2004/11/25 19:26:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/11/06 20:21:31 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2004/09/29 20:10:31 | 000,000,203 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2004/06/16 09:28:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/19 12:33:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/05/19 11:07:43 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2004/05/19 11:07:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2004/05/19 11:07:43 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2004/05/19 11:07:43 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2004/05/19 08:09:17 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe
[2004/05/19 08:09:02 | 000,006,757 | ---- | C] () -- C:\WINDOWS\TcdsASC2.ini
[2004/05/18 14:11:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/05/18 12:53:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/05/18 12:53:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/05/18 12:53:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/05/18 12:53:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/05/18 12:53:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/05/18 12:53:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/05/18 12:50:32 | 000,019,607 | ---- | C] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys
[2004/05/18 12:09:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/05/18 12:00:17 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\MousePage.dll
[2004/05/18 12:00:17 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2004/05/18 11:47:42 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/05/18 11:47:40 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/05/18 11:47:39 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/05/18 11:42:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/05/18 11:38:54 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2004/05/18 11:38:54 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\MFCFirstRemove.exe
[2004/05/18 11:38:54 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\RefreshDevice.exe
[2004/05/18 11:17:27 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2004/05/18 11:17:27 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/05/18 08:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/05/18 08:31:04 | 000,317,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/05/18 08:02:37 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/05/18 07:46:29 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/05/18 07:45:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/05/18 07:37:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/05/18 06:27:56 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/05/18 06:27:30 | 000,381,094 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/05/18 06:27:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/05/18 06:27:30 | 000,053,276 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/05/18 06:27:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/05/18 06:27:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/05/18 06:27:28 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/05/18 06:27:26 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/05/18 06:27:22 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/05/18 06:27:21 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/05/18 06:27:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/05/18 06:27:05 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/03/15 18:28:08 | 000,048,865 | ---- | C] () -- C:\WINDOWS\System32\drivers\tiumfw.bin
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1998/09/25 10:42:04 | 000,126,464 | ---- | C] () -- C:\WINDOWS\System32\HPFcfg14.exe
[1998/09/25 10:41:34 | 000,004,404 | ---- | C] () -- C:\WINDOWS\System32\HPFlnk14.ini
[1998/09/25 10:41:32 | 000,119,808 | ---- | C] () -- C:\WINDOWS\System32\HPFlnk14.exe
[1998/09/25 10:39:30 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\HPFtbx14.exe
[1998/09/25 10:36:00 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\HPFhid14.exe
[1998/09/25 10:34:28 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\HPFdat14.dll
[1998/09/25 10:32:22 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\HPFscp14.dll
[1998/09/25 10:21:26 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\HPFhrl14.dll
[1998/09/25 10:21:22 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\HPFsrl14.dll
[1998/09/25 10:21:18 | 000,297,472 | ---- | C] () -- C:\WINDOWS\System32\HPFmrl14.dll
[1998/09/25 10:21:12 | 001,080,320 | ---- | C] () -- C:\WINDOWS\System32\HPFtrl14.dll
[1998/09/25 10:16:28 | 000,194,048 | ---- | C] () -- C:\WINDOWS\System32\HPFcps14.dll
[1998/09/25 10:16:00 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\HPF24r14.dll
[1998/09/25 10:14:48 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\HPFtst14.dll
[1998/09/25 10:07:30 | 000,395,264 | ---- | C] () -- C:\WINDOWS\System32\HPFui14.dll
[1998/09/25 10:02:00 | 000,187,904 | ---- | C] () -- C:\WINDOWS\System32\HPFwin14.dll
[1998/09/25 09:58:46 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\HPFmon14.dll
[1998/09/25 09:58:08 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\HPFcbl14.dll
[1998/09/25 09:56:00 | 000,033,384 | ---- | C] () -- C:\WINDOWS\System32\HPFiop14.dll
[1998/09/25 09:55:48 | 000,069,284 | ---- | C] () -- C:\WINDOWS\System32\HPFpml14.dll
[1998/09/25 09:55:42 | 000,137,232 | ---- | C] () -- C:\WINDOWS\System32\HPFmlc14.dll
[1998/09/25 09:55:36 | 000,057,240 | ---- | C] () -- C:\WINDOWS\System32\HPFmem14.dll
[1998/09/25 09:55:30 | 000,048,292 | ---- | C] () -- C:\WINDOWS\System32\HPFlpm14.dll
[1998/09/25 09:55:20 | 000,072,368 | ---- | C] () -- C:\WINDOWS\System32\HPFcom14.dll
[1998/09/25 09:54:28 | 000,052,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\HPFecp14.sys
[1998/09/25 09:53:40 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\HPFrsu14.dll
[1998/09/25 09:53:10 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\HPFrsa14.dll
[1998/09/25 09:48:44 | 001,777,664 | ---- | C] () -- C:\WINDOWS\System32\HPFimg14.dll
[1998/09/25 09:45:34 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\HPFcnt14.dll
[1998/01/12 09:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2010/09/23 21:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/17 16:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2010/11/14 22:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2004/10/10 14:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2008/09/16 20:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/10/13 19:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tesco Photobook Creator
[2010/06/18 13:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/27 15:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Newton\Application Data\BitTorrent
[2011/01/29 18:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Newton\Application Data\imeshbandmltbpi
[2006/05/27 14:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Newton\Application Data\InterTrust
[2004/11/25 19:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Newton\Application Data\InterVideo
[2010/10/17 12:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Newton\Application Data\Nokia
[2011/01/29 16:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Newton\Application Data\Philips
[2011/02/11 19:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Newton\Application Data\Philips-Songbird
[2005/12/06 12:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Newton\Application Data\Samsung
[2011/03/29 18:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Newton\Application Data\Sony
[2004/05/18 12:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Newton\Application Data\toshiba
[2011/05/08 00:31:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2008/11/23 15:14:45 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\ErrorEasy Scheduled Scan.job
[2004/09/29 20:03:53 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2004/09/29 20:03:53 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2004/09/29 20:03:54 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2007/06/13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2004/08/04 08:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: SVCHOST.EXE >
[2004/08/04 08:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2004/08/04 08:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 08:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004/08/04 08:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2004/08/04 07:00:16 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2004/08/04 07:00:16 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 08:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004/08/04 08:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/01/15 03:03:28 | 000,172,544 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/01/15 03:03:28 | 000,172,544 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/01/15 03:03:28 | 000,172,544 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/01/15 03:17:22 | 000,636,264 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/01/15 03:17:22 | 000,636,264 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/03/31 12:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)

< End of report >

#4
havredave
  • GeekU Moderator
  • 1,711 posts
OTL is actually one revision newer this time. You did good.

Allow me some time to go over your log, and I'll post back with instructions. We'll be doing scanning for a bit to make sure of what we're dealing with.

It's a little late in the day for me, so I might not get back with you until tomorrow.

#5
hoopdub2
  • Topic Starter
  • Member
  • 74 posts
Excellent, thank you very much, I appreciate the help :)

#6
havredave
  • GeekU Moderator
  • 1,711 posts
You're quite welcome. That's what we do. :)

A bit more scanning.

Step one:
Visit GMER.net and click the "Download EXE" button. Save the randomly-named file to your desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click the randomly-named file. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Write down any information in red on the GMER screen, in case we need it later.
  • Click NO.
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button. The scan can take a great deal of time, depending on how many files are on your machine, and its general horsepower.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.


Step two:
Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply




Please post back with the GMER.txt logfile (pasted please, not attached), and the pasted aswMBR scan log.

#7
hoopdub2
  • Topic Starter
  • Member
  • 74 posts
GMER won't run, it gets a couple of files in, blue screens and restarts my laptop :S

Here's the aswMBR log

aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-16 18:58:39
-----------------------------
18:58:39.687 OS Version: Windows 5.1.2600 Service Pack 2
18:58:39.687 Number of processors: 1 586 0x209
18:58:39.734 ComputerName: YOUR-BM7ACOQIYX UserName: Mary Newton
18:58:53.890 Initialize success
18:59:10.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:59:10.359 Disk 0 Vendor: IC25N040ATMR04-0 MO2OAD4A Size: 38154MB BusType: 3
18:59:10.484 Disk 0 MBR read successfully
18:59:10.484 Disk 0 MBR scan
18:59:10.500 Disk 0 unknown MBR code
18:59:10.531 Disk 0 scanning sectors +78140160
18:59:10.718 Disk 0 scanning C:\WINDOWS\system32\drivers
18:59:31.453 Service scanning
18:59:40.859 Disk 0 trace - called modules:
18:59:40.906 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync04.sys atapi.sys atiide.sys
18:59:40.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81a98030]
18:59:40.921 3 CLASSPNP.SYS[fabbd05b] -> nt!IofCallDriver -> \Device\0000007e[0x81af2e98]
18:59:40.937 5 ACPI.sys[fab13620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81aaf7f8]
18:59:40.953 \Driver\atapi[0x81aaf030] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync04.sys[0xfaaeba7c]
18:59:41.093 Scan finished successfully
19:00:21.812 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mary Newton\Desktop\MBR.dat"
19:00:21.828 The log file has been saved successfully to "C:\Documents and Settings\Mary Newton\Desktop\aswMBR.txt"
  • 0

#8
havredave

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
So far so good. :)

Are you still noticing those virus scan popups, and is your web browser still slowing down quite a bit with use, over time?

You don't appear to have any active infection shown in the logs you've already posted, but we can sure keep digging. Some things hide themselves very well, after all.

I can see some of your issues being caused by your machine's system resources being very low. 256MB of RAM for instance is just not enough to do much.

I also don't see an antivirus program installed on your machine at all. I'd suggest Microsoft Security Essentials for that.

In the meantime, please upload a file for scanning for me:
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\Documents and Settings\Mary Newton\Desktop\MBR.dat
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

  • 0

#9
hoopdub2

hoopdub2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Yes, I agree it is time for an upgrade :) but I want to get it running at a good speed so I can remove all my files before I bin this laptop :unsure:

It's been the last 2 weeks, it basically has become unusable, taking a very very very long time to do anything, and then not shutting anything down afterwards, a lot of (not responding) appearing in brackets.

Here's that scan log for you

VirSCAN.org Scanned Report :
Scanned time : 2011/06/16 20:57:39 (BST)
Scanner results: Scanners did not find malware!
File Name : MBR.dat
File Size : 512 byte
File Type : x86 boot sector, mbr; partition 1
MD5 : 34ee629198b159e05f5b27b51f9d13a9
SHA1 : e6d87397793aff72b60728cac28a37fc73045a6f
Online report : http://file.virscan....b36f9a3e35.html

  • 0
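An added example, not part of the thread and not code from any participant or tool named in it: a parser for a 512-byte MBR dump such as the MBR.dat that aswMBR saved, showing what that file holds. It hashes the 0x1B8-byte boot code separately from the disk signature and partition table (which differ per disk) and sanity-checks the partition entries; the sample sector, the disk size and all function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8    # bytes 0x000-0x1B7: bootstrap code
DISK_SIG_OFF = 0x1B8     # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE     # last two bytes must be 55 AA

PART_TYPES = {0x05: "Extended", 0x07: "NTFS/HPFS", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)", 0x83: "Linux"}
ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, count


def parse_mbr(sector, disk_sectors=None):
    """Parse a 512-byte MBR dump; return hashes, partitions and warnings."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    if sector[BOOT_SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 55 AA boot signature")

    partitions, warnings = [], []
    for index in range(4):
        off = PART_TABLE_OFF + 16 * index
        status, ptype, lba_start, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:           # type 0 marks an unused slot
            continue
        if status not in (0x00, 0x80):
            warnings.append("entry %d: invalid status byte 0x%02x" % (index, status))
        lba_end = lba_start + count
        if disk_sectors is not None and lba_end > disk_sectors:
            warnings.append("entry %d: ends past end of disk" % index)
        partitions.append({
            "index": index,
            "active": status == 0x80,
            "type_name": PART_TYPES.get(ptype, "unknown (0x%02x)" % ptype),
            "lba_start": lba_start,
            "lba_end": lba_end,
        })

    active = [p for p in partitions if p["active"]]
    if len(active) != 1:
        warnings.append("%d active partitions (a boot disk normally has 1)" % len(active))
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["lba_start"] < a["lba_end"]:
            warnings.append("entries %d and %d overlap" % (a["index"], b["index"]))

    return {
        # Whole-sector hashes correspond to what an upload service reports for the file.
        "sector_md5": hashlib.md5(sector).hexdigest(),
        "sector_sha1": hashlib.sha1(sector).hexdigest(),
        # Boot-code-only hash stays the same across disks running the same loader.
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "warnings": warnings,
    }


def build_sample_mbr(disk_signature=0x12345678, entries=None):
    """Constructed sample sector (filler boot code, NOT the MBR.dat from the thread)."""
    if entries is None:
        entries = [(0x80, 0x07, 63, 78107967)]   # one active NTFS partition
    boot_code = (b"\xfa\x33\xc0" + b"\x90" * BOOT_CODE_LEN)[:BOOT_CODE_LEN]
    table = b"".join(struct.pack(ENTRY_FMT, *e) for e in entries).ljust(64, b"\x00")
    return boot_code + struct.pack("<IH", disk_signature, 0) + table + b"\x55\xaa"


if __name__ == "__main__":
    # To inspect a real dump instead: parse_mbr(open("MBR.dat", "rb").read())
    report = parse_mbr(build_sample_mbr(), disk_sectors=80000000)  # constructed disk size
    print("sector MD5    :", report["sector_md5"])
    print("boot code SHA1:", report["boot_code_sha1"])
    for part in report["partitions"]:
        print("partition", part)
    print("warnings:", report["warnings"] or "none")
```

A boot-code hash that differs from a known-good loader for the same Windows version is a prompt for closer inspection, not proof of infection; OEM and third-party loaders also replace that code.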

#10
havredave

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
Looks good. I'm seeking further advice before I post next; I'll hopefully have something for you soon.

In the meantime, if you merely wish to get your files from the machine, you could always boot in safe mode with networking by tapping the F8 key during bootup, before the Windows splash screen appears, and selecting it from the menu.
  • 0



#11
havredave

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
Still trying to make sure nothing nefarious is on your machine :)

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#12
hoopdub2

hoopdub2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
starting to think I'm wasting your time, but the PC is still super slow, and the fact that it happened all of a sudden led me to believe that win antivirus was the cause hmmmmm

here's the log of the last scan, nothing :) I'm starting to wish there was a virus, at least there would be an answer haha

2011/06/17 19:26:19.0843 1264 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/17 19:26:21.0468 1264 ================================================================================
2011/06/17 19:26:21.0468 1264 SystemInfo:
2011/06/17 19:26:21.0468 1264
2011/06/17 19:26:21.0468 1264 OS Version: 5.1.2600 ServicePack: 2.0
2011/06/17 19:26:21.0468 1264 Product type: Workstation
2011/06/17 19:26:21.0468 1264 ComputerName: YOUR-BM7ACOQIYX
2011/06/17 19:26:21.0468 1264 UserName: Mary Newton
2011/06/17 19:26:21.0468 1264 Windows directory: C:\WINDOWS
2011/06/17 19:26:21.0468 1264 System windows directory: C:\WINDOWS
2011/06/17 19:26:21.0468 1264 Processor architecture: Intel x86
2011/06/17 19:26:21.0468 1264 Number of processors: 1
2011/06/17 19:26:21.0468 1264 Page size: 0x1000
2011/06/17 19:26:21.0468 1264 Boot type: Normal boot
2011/06/17 19:26:21.0468 1264 ================================================================================
2011/06/17 19:26:29.0156 1264 Initialize success
2011/06/17 19:26:36.0046 3068 ================================================================================
2011/06/17 19:26:36.0046 3068 Scan started
2011/06/17 19:26:36.0046 3068 Mode: Manual;
2011/06/17 19:26:36.0046 3068 ================================================================================
2011/06/17 19:29:56.0500 3068 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
2011/06/17 19:30:02.0015 3068 ================================================================================
2011/06/17 19:30:02.0015 3068 Scan finished
2011/06/17 19:30:02.0015 3068 ================================================================================
2011/06/17 19:30:02.0140 3056 Detected object count: 0
2011/06/17 19:30:02.0140 3056 Actual detected object count: 0
  • 0

#13
havredave

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
If someone needs help, it's never a waste of my time to try, even if we end up chasing our tails. :)

I can think of some other issues that could be causing trouble, but they're hardware or operating system related, rather than malware. You do have one odd line in your OTL log that I wouldn't mind getting rid of, but it's not malware related - just a goofy entry. Still, it's nothing that should slow your machine down, so I'm not too concerned.

The two largest issues I could find (so far anyway) were that your system RAM is really small (256MB, sharing some with video, so you have even less usable), and you don't have any antivirus installed.

Let me run a few other ideas past my reviewer, and see where we can next take this. I don't mind taking the time if you don't!
  • 0

#14
hoopdub2

hoopdub2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
No, that's great, I'm happy to keep trying, if you helping me is also helping you then it's win win :)
  • 0

#15
havredave

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
Let's give this a go, in case WinAntivirus actually did get a foothold that isn't coming up on regular scans.

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate.
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe and try again.

Please post the contents of the RKreport.
  • 0





