Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Colours are all messed up after widows loads up [Solved]

Started by Graham56 , Feb 20 2012 05:23 AM

  • This topic is locked This topic is locked

#1
Graham56
Posted 20 February 2012 - 05:23 AM

Graham56

    Member

  • Member
  • PipPip
  • 17 posts
As boot up and loading of windows xp is almost complete the logo is faded by horizontal black lines, it then freezes for a few seconds and the wellcome screen appears which is pink, then the background photo appears with all the colours changed giving a 'negative' stlye appearance. Programs run but are difficult to see and text is often black on black. I have changed some windows colours but not all changes remain, some revert back after a few seconds.
I first noticed this when I switched on 17/2/12 but suspect the problem occured 16/2/12 when my daughter came round and was using my computer to go on face book and click on things to listen to music and watch clips.
I have norton antivirus and have also ran norton power eraser, malwarebytes, ad adware, super anti spyware, but to no avail. Colours are ok in safemode. I have pasted the 2 files from OLT below.
I would be very grateful if someone could help me.


OTLlogfile created on: 20/02/2012 09:02:13 - Run 1
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Documents and Settings\gw\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 295.00 Mb Available Physical Memory | 28.82% Memory free
2.40 Gb Paging File | 1.82 Gb Available in Paging File | 75.94% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 44.17 Gb Free Space | 39.52% Space Free | Partition Type: NTFS
Drive D: | 120.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PC1 | User Name: gw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/20 08:53:46 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gw\Desktop\OTL.exe
PRC - [2012/02/04 08:00:05 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/25 10:16:28 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/01/25 10:16:28 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/04/17 00:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe
PRC - [2011/03/25 12:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
PRC - [2011/03/25 12:34:00 | 004,371,768 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
PRC - [2010/07/13 01:34:46 | 000,906,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
PRC - [2010/06/07 17:11:28 | 000,131,072 | ---- | M] (South Bay Software) -- C:\Program Files\AutoSizer\AutoSizer.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/28 11:50:34 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2005/04/08 13:09:42 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
PRC - [2004/01/08 18:54:06 | 000,065,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2003/09/11 03:00:00 | 000,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0H2.EXE
PRC - [2003/07/31 05:59:14 | 000,561,152 | R--- | M] (VIA) -- C:\Program Files\VIA\RAID\raid_tool.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/04 08:00:03 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/21 12:03:52 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/10 16:11:00 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/07 22:17:04 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/03/25 12:25:14 | 000,158,208 | ---- | M] () -- C:\Program Files\Virgin Media\Service Manager\Windows7Features.dll
MOD - [2010/07/13 01:29:42 | 000,143,360 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\connectionDetector.dll
MOD - [2010/07/13 01:28:42 | 000,856,064 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\fsk.dll
MOD - [2010/07/13 01:26:12 | 000,018,432 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\FskNetInterface.dll
MOD - [2010/07/13 01:25:56 | 000,008,704 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\FskTimeHardware.dll
MOD - [2010/07/13 01:25:50 | 000,028,160 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\ticket.dll
MOD - [2010/07/13 01:25:42 | 000,011,776 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll
MOD - [2010/07/13 01:22:36 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskinLocalize.dll
MOD - [2010/07/13 01:22:02 | 000,009,728 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskPower.dll
MOD - [2010/07/13 01:16:16 | 000,118,784 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskDocumentViewer.dll
MOD - [2010/07/13 01:15:58 | 000,010,240 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskMobileMediaDevice.dll
MOD - [2010/07/13 01:15:52 | 000,233,472 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\Fskin.dll
MOD - [2010/07/13 01:13:42 | 000,033,792 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskMediaPlayers.dll
MOD - [2010/07/13 01:10:56 | 000,172,032 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\USBDetector.dll
MOD - [2010/06/07 17:11:28 | 000,086,016 | ---- | M] () -- C:\Program Files\AutoSizer\AutoSizer.dll
MOD - [2010/04/02 21:23:36 | 000,815,104 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskSecurity.dll
MOD - [2010/04/02 20:44:16 | 000,086,016 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\ebookUsb.dll
MOD - [2008/03/28 11:50:34 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
MOD - [2008/03/28 11:50:34 | 000,357,768 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2012/01/25 10:16:28 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/04/17 00:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe -- (NIS)
SRV - [2011/03/25 12:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2008/04/07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/03/28 11:50:34 | 001,245,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/03/20 01:19:14 | 000,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer)


========== Driver Services (SafeList) ==========

DRV - [2012/02/04 08:18:36 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/04 08:18:36 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/01/25 10:16:44 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/01/25 10:16:44 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/01/25 10:16:44 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/12/20 10:29:09 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120219.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/20 10:29:09 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120219.016\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/15 23:33:22 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20120217.003\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/12/15 17:10:05 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/12/01 02:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20120215.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/07 22:17:04 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2011/05/20 17:21:36 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/21 01:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1207000.00D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/31 03:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2011/03/31 03:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2011/03/31 03:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1207000.00D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/31 03:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/15 02:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207000.00D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 06:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207000.00D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 05:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207000.00D\Ironx86.SYS -- (SymIRON)
DRV - [2010/02/26 00:53:17 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RapportBuka.sys -- (RapportBuka)
DRV - [2010/01/07 16:33:59 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2009/05/18 09:42:12 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/04/13 18:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/05/02 10:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007/05/02 10:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007/05/02 10:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2006/03/19 20:21:06 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/05/02 08:47:08 | 000,023,040 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv)
DRV - [2004/01/27 13:52:01 | 001,086,933 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/01/27 13:52:01 | 000,602,265 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/01/27 13:52:01 | 000,047,781 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/01/27 13:52:01 | 000,031,440 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2004/01/09 15:17:02 | 000,601,100 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/12/11 15:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/09/19 14:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/08/13 07:27:22 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/07/01 20:42:00 | 000,027,904 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/06/12 10:31:46 | 000,075,904 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viasraid.sys -- (viasraid)
DRV - [2001/10/03 09:10:10 | 000,053,920 | ---- | M] (Alcatel Bell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2001/10/03 09:09:56 | 000,589,776 | ---- | M] (Alcatel Bell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://uk.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {f4e6547e-325b-403c-a3bb-ad29ed37a92f}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d650973c-0444-4ac7-9d00-19e3613c83b9}:3.6.7
FF - prefs.js..extensions.enabledItems: {2458abc0-f443-11dd-87af-0800200c9a66}:3.6.3.1.03.04.10
FF - prefs.js..extensions.enabledItems: {dbd63b80-1735-11df-8a39-0800200c9a66}:3.6.0.3
FF - prefs.js..keyword.URL: "http://www.google.co...nt&hl=en-GB&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\gw\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\gw\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn\ [2012/02/01 20:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn_2011_7_5_2 [2012/02/20 08:37:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/04 08:00:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/10 00:22:26 | 000,000,000 | ---D | M]

[2010/08/16 17:53:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\gw\Application Data\Mozilla\Extensions
[2008/07/17 18:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\gw\Application Data\Mozilla\Extensions\[email protected]
[2012/02/04 08:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\gw\Application Data\Mozilla\Firefox\Profiles\l5e55n9b.default\extensions
[2011/07/28 09:19:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\gw\Application Data\Mozilla\Firefox\Profiles\l5e55n9b.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/08/17 18:25:46 | 000,002,472 | ---- | M] () -- C:\Documents and Settings\gw\Application Data\Mozilla\Firefox\Profiles\l5e55n9b.default\searchplugins\safesearch.xml
[2011/12/21 13:53:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/20 08:37:23 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\COFFPLGN_2011_7_5_2
[2012/02/01 20:07:28 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPLGN
() (No name found) -- C:\DOCUMENTS AND SETTINGS\GW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L5E55N9B.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\GW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L5E55N9B.DEFAULT\EXTENSIONS\[email protected]
[2008/12/15 09:23:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/01 21:44:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/02/04 08:00:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/20 10:40:21 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/20 10:40:21 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 10:40:21 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/20 10:40:21 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/20 10:40:21 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\gw\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\gw\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\gw\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\gw\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\gw\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Reader Library (Enabled) = C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll
CHR - plugin: Service Manager (Enabled) = C:\Program Files\Virgin Media\Service Manager\nprpspa.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Translate = C:\Documents and Settings\gw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: YouTube = C:\Documents and Settings\gw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.4_0\
CHR - Extension: Slinky Elegant = C:\Documents and Settings\gw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln\19.0_0\
CHR - Extension: Google Search = C:\Documents and Settings\gw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Google Calendar = C:\Documents and Settings\gw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\

O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6F4F95AF-1647-4B72-A632-055405455423} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTClk\NVRTClk.exe ()
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon File not found
O4 - HKCU..\Run: [AutoSizer] C:\Program Files\AutoSizer\AutoSizer.exe (South Bay Software)
O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe (VIA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: msn.com ([zone] https in Trusted sites)
O15 - HKCU\..Trusted Domains: retaileyes.co.uk ([secure] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {32F8A4C7-8B05-44D2-8DA9-6538FDC85B2B} https://www.solbank.com/html/PSA.CAB (PSA.Dispatcher)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1106668819546 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1124547016671 (MUWebControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://static.photob...geUploader4.cab (Image Uploader Control)
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} http://dl.uc.sina.co.../downloader.cab (DLoader Class)
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} http://esupport.epso...rg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://msnuk.oberon-...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} https://a248.e.akama...ol/SymDlBrg.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx (Reg Error: Key error.)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...rl/SymAData.cab (Reg Error: Value error.)
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://static.photob...ploader_uni.cab (PB_Uploader Class)
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} http://eu.download.g...zylomloader.cab (Zylom Loader Object)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://yahoouk.obero...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} http://www.cyclomedi...loScopeLite.cab (Reg Error: Key error.)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F462861-1466-4D81-93FE-A7D518A2D1D0}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C691A55A-8484-4382-82B8-E1610C242E95}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\gw\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\gw\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/06 14:35:58 | 000,000,053 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{60847f4c-99f2-11de-8a4a-000fea5825d6}\Shell - "" = AutoRun
O33 - MountPoints2\{60847f4c-99f2-11de-8a4a-000fea5825d6}\Shell\Auto\command - "" = scvhost.bat
O33 - MountPoints2\{60847f4c-99f2-11de-8a4a-000fea5825d6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{60847f4c-99f2-11de-8a4a-000fea5825d6}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL scvhost.bat
O33 - MountPoints2\{a8391bbe-31da-11dc-8743-000fea5825d6}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/20 08:53:46 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\gw\Desktop\OTL.exe
[2012/02/19 20:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2012/02/19 19:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/02/19 19:33:53 | 014,848,120 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\gw\My Documents\SUPERAntiSpyware.exe
[2012/02/18 14:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gw\Application Data\Malwarebytes
[2012/02/18 14:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/18 14:35:04 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\gw\My Documents\mbam-setup-1.60.1.1000.exe
[2012/02/18 11:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gw\Application Data\Tific
[2012/02/18 10:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gw\Local Settings\Application Data\NPE
[2012/02/18 10:19:53 | 002,804,712 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\gw\My Documents\NPE.exe
[2012/02/05 09:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gw\Start Menu\Programs\Google Chrome
[2012/02/01 20:04:08 | 000,044,024 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2012/01/25 10:16:44 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2006/03/19 18:57:47 | 004,588,454 | ---- | C] (Symantec ) -- C:\Program Files\setup.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/20 09:06:02 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4D173593-174B-425F-945E-19437ACFBE8F}.job
[2012/02/20 08:53:46 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gw\Desktop\OTL.exe
[2012/02/20 08:38:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/20 08:37:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/20 08:36:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/20 08:36:51 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/20 08:35:22 | 000,000,220 | RHS- | M] () -- C:\boot.ini
[2012/02/20 08:24:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/20 08:23:28 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/20 08:22:04 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-2025429265-682003330-1005UA.job
[2012/02/20 07:37:24 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/19 20:45:47 | 012,410,880 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\Ad-Aware96Install.msi
[2012/02/19 19:34:10 | 014,848,120 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\gw\My Documents\SUPERAntiSpyware.exe
[2012/02/19 18:01:22 | 121,196,504 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\setup_11.0.0.1245.x01_2012_02_19_20_59.exe
[2012/02/18 14:35:13 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\gw\My Documents\mbam-setup-1.60.1.1000.exe
[2012/02/18 12:33:10 | 000,494,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/18 10:37:28 | 000,002,098 | ---- | M] () -- C:\Documents and Settings\gw\Application Data\SMRResults250.dat
[2012/02/18 10:19:56 | 002,804,712 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\gw\My Documents\NPE.exe
[2012/02/18 09:33:00 | 000,002,249 | ---- | M] () -- C:\Documents and Settings\gw\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/18 09:32:58 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\gw\Desktop\Google Chrome.lnk
[2012/02/18 09:22:22 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-2025429265-682003330-1005Core.job
[2012/02/17 00:01:34 | 000,474,992 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/17 00:01:34 | 000,084,996 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/16 23:54:48 | 000,762,178 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1207000.00D\Cat.DB
[2012/02/16 23:54:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/16 20:44:50 | 000,010,720 | ---- | M] () -- C:\WINDOWS\System32\EPPICResdb0000
[2012/02/16 20:44:50 | 000,000,121 | ---- | M] () -- C:\WINDOWS\System32\EPPICResdb
[2012/02/13 14:58:11 | 000,188,409 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\Savings User Guide - SAV 0463 (1).pdf
[2012/02/13 14:58:08 | 000,188,409 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\Savings User Guide - SAV 0463 (2).pdf
[2012/02/12 15:51:24 | 000,057,052 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\S293573631_SOLD_Henderson_Asian_Dividend_Income (1).pdf
[2012/02/12 15:51:02 | 000,057,052 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\S293573631_SOLD_Henderson_Asian_Dividend_Income.pdf
[2012/02/12 15:51:01 | 000,057,039 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\S293580311_SOLD_Allianz_RCM_BRIC_Stars.pdf
[2012/02/12 15:48:26 | 000,057,045 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\S293560391_SOLD_Artemis_Strategic_Assets.pdf
[2012/02/12 15:48:23 | 000,057,055 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\S293561141_SOLD_Ignis_Argonaut_European_Alpha.pdf
[2012/02/12 15:43:59 | 000,057,049 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\S293565251_SOLD_Fidelity_Moneybuilder_UK_Index.pdf
[2012/02/12 15:43:57 | 000,057,054 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\S293573661_SOLD_Henderson_Asian_Dividend_Income.pdf
[2012/02/12 15:43:55 | 000,057,047 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\S293780821_SOLD_Marlborough_Special_Situations.pdf
[2012/02/12 15:43:54 | 000,057,041 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\S293784721_SOLD_M&G_Optimal_Income.pdf
[2012/02/12 15:43:51 | 000,057,048 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\S293789461_SOLD_Invesco_Perpetual_High_Income.pdf
[2012/02/12 15:43:47 | 000,057,054 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\S293880801_SOLD_Standard_Life_UK_Smaller_Companies.pdf
[2012/02/12 15:41:29 | 000,057,128 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\S293374201_SOLD_Hargreaves_Lansdown_Plc.pdf
[2012/02/12 15:40:48 | 000,057,035 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\S293791431_SOLD_M&G_American.pdf
[2012/02/12 15:39:39 | 000,057,101 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\S293373671_SOLD_Hargreaves_Lansdown_Plc.pdf
[2012/02/12 15:39:00 | 000,057,045 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\S293560381_SOLD_Artemis_Strategic_Assets.pdf
[2012/02/12 15:38:26 | 000,057,048 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\S293565241_SOLD_Fidelity_Moneybuilder_UK_Index.pdf
[2012/02/12 15:37:59 | 000,057,052 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\S293573651_SOLD_Henderson_Asian_Dividend_Income.pdf
[2012/02/12 15:37:28 | 000,057,044 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\S293780951_SOLD_First_State_Latin_America.pdf
[2012/02/12 15:36:45 | 000,057,053 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\S293782761_SOLD_Invesco_Perpetual_Global_Equity_Income.pdf
[2012/02/12 15:35:50 | 000,057,043 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\S293785291_SOLD_Skandia_Global_Best_Ideas.pdf
[2012/02/12 15:35:13 | 000,057,036 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\S293791501_SOLD_M&G_American.pdf
[2012/02/12 15:34:03 | 000,057,060 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\S293795161_SOLD_BlackRock_UK_Special_Situations_Fund.pdf
[2012/02/11 02:17:00 | 000,080,615 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\488px-English_ceremonial_counties_2010_(multi-coloured).svg.png
[2012/02/08 20:54:15 | 000,112,308 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\Bahia de Algeciras y Gibraltar.htm
[2012/02/08 20:51:26 | 003,720,192 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\Bahia_de_Algeciras_y_Gibraltar.pps
[2012/02/08 20:47:43 | 002,446,848 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\Setenil_de_las_bodegas.pps
[2012/02/07 20:19:51 | 000,000,381 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\Captains Final Fling (1).ics
[2012/02/07 20:19:49 | 000,000,381 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\Captains Final Fling.ics
[2012/02/01 20:03:13 | 000,001,983 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2012/01/31 20:31:15 | 000,079,826 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\bill28January2012.pdf
[2012/01/30 20:41:31 | 000,292,185 | ---- | M] () -- C:\Documents and Settings\gw\My Documents\ukQ4-2011ClientReview.pdf
[2012/01/28 04:52:38 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1207000.00D\isolate.ini
[2012/01/26 15:44:21 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\gw\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/25 10:16:44 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/20 08:35:21 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
[2012/02/19 20:49:27 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/19 20:45:35 | 012,410,880 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\Ad-Aware96Install.msi
[2012/02/19 17:59:31 | 121,196,504 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\setup_11.0.0.1245.x01_2012_02_19_20_59.exe
[2012/02/19 17:54:36 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/18 10:37:14 | 000,002,098 | ---- | C] () -- C:\Documents and Settings\gw\Application Data\SMRResults250.dat
[2012/02/16 09:20:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 09:20:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/13 14:58:10 | 000,188,409 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\Savings User Guide - SAV 0463 (1).pdf
[2012/02/13 14:58:07 | 000,188,409 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\Savings User Guide - SAV 0463 (2).pdf
[2012/02/12 15:51:24 | 000,057,052 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\S293573631_SOLD_Henderson_Asian_Dividend_Income (1).pdf
[2012/02/12 15:51:02 | 000,057,052 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\S293573631_SOLD_Henderson_Asian_Dividend_Income.pdf
[2012/02/12 15:51:01 | 000,057,039 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\S293580311_SOLD_Allianz_RCM_BRIC_Stars.pdf
[2012/02/12 15:48:26 | 000,057,045 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\S293560391_SOLD_Artemis_Strategic_Assets.pdf
[2012/02/12 15:48:23 | 000,057,055 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\S293561141_SOLD_Ignis_Argonaut_European_Alpha.pdf
[2012/02/12 15:43:59 | 000,057,049 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\S293565251_SOLD_Fidelity_Moneybuilder_UK_Index.pdf
[2012/02/12 15:43:57 | 000,057,054 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\S293573661_SOLD_Henderson_Asian_Dividend_Income.pdf
[2012/02/12 15:43:55 | 000,057,047 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\S293780821_SOLD_Marlborough_Special_Situations.pdf
[2012/02/12 15:43:54 | 000,057,041 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\S293784721_SOLD_M&G_Optimal_Income.pdf
[2012/02/12 15:43:51 | 000,057,048 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\S293789461_SOLD_Invesco_Perpetual_High_Income.pdf
[2012/02/12 15:43:47 | 000,057,054 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\S293880801_SOLD_Standard_Life_UK_Smaller_Companies.pdf
[2012/02/12 15:41:29 | 000,057,128 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\S293374201_SOLD_Hargreaves_Lansdown_Plc.pdf
[2012/02/12 15:40:48 | 000,057,035 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\S293791431_SOLD_M&G_American.pdf
[2012/02/12 15:39:39 | 000,057,101 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\S293373671_SOLD_Hargreaves_Lansdown_Plc.pdf
[2012/02/12 15:39:00 | 000,057,045 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\S293560381_SOLD_Artemis_Strategic_Assets.pdf
[2012/02/12 15:38:26 | 000,057,048 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\S293565241_SOLD_Fidelity_Moneybuilder_UK_Index.pdf
[2012/02/12 15:37:59 | 000,057,052 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\S293573651_SOLD_Henderson_Asian_Dividend_Income.pdf
[2012/02/12 15:37:28 | 000,057,044 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\S293780951_SOLD_First_State_Latin_America.pdf
[2012/02/12 15:36:45 | 000,057,053 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\S293782761_SOLD_Invesco_Perpetual_Global_Equity_Income.pdf
[2012/02/12 15:35:50 | 000,057,043 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\S293785291_SOLD_Skandia_Global_Best_Ideas.pdf
[2012/02/12 15:35:13 | 000,057,036 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\S293791501_SOLD_M&G_American.pdf
[2012/02/12 15:34:03 | 000,057,060 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\S293795161_SOLD_BlackRock_UK_Special_Situations_Fund.pdf
[2012/02/11 02:17:16 | 000,080,615 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\488px-English_ceremonial_counties_2010_(multi-coloured).svg.png
[2012/02/08 20:55:06 | 000,112,308 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\Bahia de Algeciras y Gibraltar.htm
[2012/02/08 20:51:19 | 003,720,192 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\Bahia_de_Algeciras_y_Gibraltar.pps
[2012/02/08 20:47:37 | 002,446,848 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\Setenil_de_las_bodegas.pps
[2012/02/07 20:19:51 | 000,000,381 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\Captains Final Fling (1).ics
[2012/02/07 20:19:49 | 000,000,381 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\Captains Final Fling.ics
[2012/02/05 09:20:55 | 000,002,249 | ---- | C] () -- C:\Documents and Settings\gw\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/05 09:20:53 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\gw\Desktop\Google Chrome.lnk
[2012/02/05 09:17:48 | 000,000,966 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-2025429265-682003330-1005UA.job
[2012/02/05 09:17:47 | 000,000,914 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-2025429265-682003330-1005Core.job
[2012/01/31 20:31:15 | 000,079,826 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\bill28January2012.pdf
[2012/01/30 20:41:31 | 000,292,185 | ---- | C] () -- C:\Documents and Settings\gw\My Documents\ukQ4-2011ClientReview.pdf
[2011/04/16 23:39:24 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/04/16 23:17:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/17 16:05:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/08/16 17:53:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/06 18:14:15 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\gw\Application Data\$_hpcst$.hpc
[2008/08/03 16:24:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2006/05/01 01:00:34 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/19 18:57:47 | 007,155,864 | ---- | C] () -- C:\Program Files\NGhost10.msi
[2006/03/19 18:57:47 | 000,000,035 | ---- | C] () -- C:\Program Files\SCSSDist.ini
[2006/03/19 18:57:41 | 037,766,164 | ---- | C] () -- C:\Program Files\Data1.cab
[2006/02/13 15:14:00 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2005/04/18 18:52:57 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\gw\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/17 12:23:07 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\gw\Local Settings\Application Data\fusioncache.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38849DE5
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4AD016E
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F04040
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57DC3B52

< End of report >


OTL Extras logfile created on: 20/02/2012 09:02:13 - Run 1
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Documents and Settings\gw\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 295.00 Mb Available Physical Memory | 28.82% Memory free
2.40 Gb Paging File | 1.82 Gb Available in Paging File | 75.94% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 44.17 Gb Free Space | 39.52% Space Free | Partition Type: NTFS
Drive D: | 120.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PC1 | User Name: gw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Program Files\microsoft frontpage\bin\fpexplor.exe" = C:\Program Files\microsoft frontpage\bin\fpexplor.exe:*:Enabled:Microsoft FrontPage Explorer -- (Microsoft Corporation)
"C:\FrontPage Webs\Server\vhttpd32.exe" = C:\FrontPage Webs\Server\vhttpd32.exe:*:Enabled:Microsoft FrontPage Personal Web Server -- (Microsoft Corporation)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Symantec\LiveUpdate\LUALL.EXE" = C:\Program Files\Symantec\LiveUpdate\LUALL.EXE:*:Enabled:LiveUpdate - Norton AntiVirus
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Documents and Settings\gw\Local Settings\Temp\ImInstaller\incredimail_installer.exe" = C:\Documents and Settings\gw\Local Settings\Temp\ImInstaller\incredimail_installer.exe:*:Enabled:IncrediMail Installer
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe" = C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"C:\Documents and Settings\gw\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\gw\Application Data\Spotify\spotify.exe:*:Enabled:Spotify
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05DFD5AC-95C5-4391-8CCE-ECDD3D947EC3}" = calibre
"{0F429FF7-8C47-40D7-AF6F-D8B090233D04}" = Image Data Converter SR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 29
"{2763FD5A-57E9-442B-AFDF-6DCCC23883B0}" = SPSS 14.0 for Windows Evaluation Version
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5FCDE341-328B-434B-9F21-AF5BADB57852}" = Symantec Technical Support Web Controls
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C45D9D2-D429-4EA7-8E9E-BFBBD9BAA4F2}" = Garmin City Navigator Europe NT 2011.10
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = Alcatel SpeedTouch USB Software
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon Kindle" = Amazon Kindle
"Analyse-it for Excel" = Analyse-it for Microsoft Excel
"Ares" = Ares 2.0.8
"AutoSizer" = AutoSizer
"BPFile" = BPFile
"Digital Editions" = Adobe Digital Editions
"Easy Hi-Q Recorder_is1" = Easy Hi-Q Recorder 2.4
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESPR200 Reference Guide" = ESPR200 Reference Guide
"ESPR200 Software Guide" = ESPR200 Software Guide
"FrontPage v3.0" = Microsoft FrontPage 98
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"Intel® MD5690 Modem" = Intel® MD5690 Modem
"InterActual Player" = InterActual Player
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0 (x86 en-GB)" = Mozilla Firefox 10.0 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Network Play System (Patching)" = Network Play System (Patching)
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"NVIDIA Display Driver" = NVIDIA Display Driver
"Picasa 3" = Picasa 3
"RadialpointClientGateway_is1" = Virgin Media Service Manager 3.7.47
"Rapport_msi" = Rapport
"RealPlayer 6.0" = RealPlayer
"Sina Web TV" = Sina Web TV
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31/01/2012 17:51:22 | Computer Name = PC1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 31/01/2012 17:51:22 | Computer Name = PC1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 02/02/2012 07:27:01 | Computer Name = PC1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 02/02/2012 07:27:01 | Computer Name = PC1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 02/02/2012 07:29:42 | Computer Name = PC1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 02/02/2012 07:29:42 | Computer Name = PC1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 19/02/2012 10:41:05 | Computer Name = PC1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 19/02/2012 10:43:00 | Computer Name = PC1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 19/02/2012 16:50:59 | Computer Name = PC1 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 19/02/2012 17:05:14 | Computer Name = PC1 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 20/02/2012 04:32:05 | Computer Name = PC1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 20/02/2012 04:32:05 | Computer Name = PC1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 20/02/2012 04:32:05 | Computer Name = PC1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 20/02/2012 04:32:05 | Computer Name = PC1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 20/02/2012 04:32:06 | Computer Name = PC1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 20/02/2012 04:32:06 | Computer Name = PC1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 20/02/2012 04:32:06 | Computer Name = PC1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 20/02/2012 04:32:09 | Computer Name = PC1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 20/02/2012 04:37:53 | Computer Name = PC1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 20/02/2012 04:38:22 | Computer Name = PC1 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.


< End of report >
  • 0

Advertisements

#2
maliprog
Posted 27 February 2012 - 01:55 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Graham56 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{60847f4c-99f2-11de-8a4a-000fea5825d6}\Shell - "" = AutoRun
    O33 - MountPoints2\{60847f4c-99f2-11de-8a4a-000fea5825d6}\Shell\Auto\command - "" = scvhost.bat
    O33 - MountPoints2\{60847f4c-99f2-11de-8a4a-000fea5825d6}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{60847f4c-99f2-11de-8a4a-000fea5825d6}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL scvhost.bat

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
It would be helpful if you could post each log in separate post
  • 0

#3
Graham56
Posted 27 February 2012 - 08:34 AM

Graham56

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi Maliprog,
Thank you for your reply. Please find output from OLT pasted below. I will now send out put from malwarebytes.
I hope this can be seen, I have to select text in order to see it.
Graham

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60847f4c-99f2-11de-8a4a-000fea5825d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60847f4c-99f2-11de-8a4a-000fea5825d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60847f4c-99f2-11de-8a4a-000fea5825d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60847f4c-99f2-11de-8a4a-000fea5825d6}\ not found.
File scvhost.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60847f4c-99f2-11de-8a4a-000fea5825d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60847f4c-99f2-11de-8a4a-000fea5825d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60847f4c-99f2-11de-8a4a-000fea5825d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60847f4c-99f2-11de-8a4a-000fea5825d6}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL scvhost.bat not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 387504 bytes
->Temporary Internet Files folder emptied: 182951 bytes
->Flash cache emptied: 41 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65670 bytes
->Flash cache emptied: 41 bytes

User: FRANCES

User: Graham

User: gw
->Temp folder emptied: 833984931 bytes
->Temporary Internet Files folder emptied: 52978534 bytes
->Java cache emptied: 110297006 bytes
->FireFox cache emptied: 250381355 bytes
->Google Chrome cache emptied: 34531304 bytes
->Flash cache emptied: 1776336 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 327660 bytes
->Flash cache emptied: 405 bytes

User: NetworkService
->Temp folder emptied: 82330 bytes
->Temporary Internet Files folder emptied: 49554 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 1085457 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 62211783 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 397545659 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 939397023 bytes

Total Files Cleaned = 2,561.00 mb


OTL by OldTimer - Version 3.2.33.0 log created on 02272012_141132
  • 0

#4
Graham56
Posted 27 February 2012 - 09:07 AM

Graham56

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Here is the second log. This one from malwarebyte

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.27.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
gw :: PC1 [administrator]

27/02/2012 14:48:50
mbam-log-2012-02-27 (14-48-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204513
Time elapsed: 13 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#5
maliprog
Posted 27 February 2012 - 12:55 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Let's continue...

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system

  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

    Posted Image
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP MBR.dat it creates and attach it to your next reply

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in separate post[/B]
  • 0

#6
Graham56
Posted 28 February 2012 - 01:01 PM

Graham56

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I have carried out the instructions and posted the results below
Before I received your first reply I had reinstalled the graphics drivers from the cd which had no effect. I then went into control panel and did more or less the same from there and was prompted to insert the cd, upon rebooting however the screen went blank at the end of widows loading just after the 'theme tune' The screen was blank with just a monitor message saying 'out of range'. I then had to turn it off to reboot again and after 4 attempts thing returned to 'normal' still with the problem though. I do not know whether this has any relevance but thought I should mention it. Since receiving you reply I have taken no action other than your instructions. aswMBR post to follow




20:05:08.0843 5280 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
20:05:10.0171 5280 ============================================================
20:05:10.0171 5280 Current date / time: 2012/02/27 20:05:10.0171
20:05:10.0171 5280 SystemInfo:
20:05:10.0171 5280
20:05:10.0171 5280 OS Version: 5.1.2600 ServicePack: 3.0
20:05:10.0171 5280 Product type: Workstation
20:05:10.0171 5280 ComputerName: PC1
20:05:10.0171 5280 UserName: gw
20:05:10.0171 5280 Windows directory: C:\WINDOWS
20:05:10.0171 5280 System windows directory: C:\WINDOWS
20:05:10.0171 5280 Processor architecture: Intel x86
20:05:10.0171 5280 Number of processors: 1
20:05:10.0171 5280 Page size: 0x1000
20:05:10.0171 5280 Boot type: Normal boot
20:05:10.0171 5280 ============================================================
20:05:12.0203 5280 Drive \Device\Harddisk0\DR0 - Size: 0x1BF286DE00 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:05:12.0343 5280 \Device\Harddisk0\DR0:
20:05:12.0671 5280 MBR used
20:05:12.0671 5280 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
20:05:12.0734 5280 Initialize success
20:05:12.0734 5280 ============================================================
20:05:43.0781 5308 ============================================================
20:05:43.0781 5308 Scan started
20:05:43.0781 5308 Mode: Manual; SigCheck; TDLFS;
20:05:43.0781 5308 ============================================================
20:05:44.0031 5308 Abiosdsk - ok
20:05:44.0109 5308 abp480n5 - ok
20:05:44.0203 5308 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:05:45.0984 5308 ACPI - ok
20:05:46.0093 5308 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:05:46.0281 5308 ACPIEC - ok
20:05:46.0375 5308 adpu160m - ok
20:05:46.0468 5308 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:05:46.0640 5308 aec - ok
20:05:46.0750 5308 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:05:46.0812 5308 AFD - ok
20:05:46.0890 5308 Aha154x - ok
20:05:46.0968 5308 aic78u2 - ok
20:05:47.0015 5308 aic78xx - ok
20:05:47.0093 5308 alcan5wn (3ba0860e228f60fc0cab6435bde777b5) C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
20:05:47.0140 5308 alcan5wn ( UnsignedFile.Multi.Generic ) - warning
20:05:47.0140 5308 alcan5wn - detected UnsignedFile.Multi.Generic (1)
20:05:47.0328 5308 alcaudsl (b1bc2524451b8b238fca773d8642f60a) C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
20:05:47.0390 5308 alcaudsl ( UnsignedFile.Multi.Generic ) - warning
20:05:47.0390 5308 alcaudsl - detected UnsignedFile.Multi.Generic (1)
20:05:47.0546 5308 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
20:05:47.0687 5308 ALCXSENS - ok
20:05:47.0812 5308 ALCXWDM (bc5c55b49c4bd1fdfaaa128fe21f9fea) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
20:05:47.0906 5308 ALCXWDM - ok
20:05:48.0046 5308 AliIde - ok
20:05:48.0093 5308 amsint - ok
20:05:48.0203 5308 asc - ok
20:05:48.0265 5308 asc3350p - ok
20:05:48.0328 5308 asc3550 - ok
20:05:48.0468 5308 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:05:48.0625 5308 AsyncMac - ok
20:05:48.0750 5308 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:05:48.0906 5308 atapi - ok
20:05:49.0000 5308 Atdisk - ok
20:05:49.0093 5308 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:05:49.0281 5308 Atmarpc - ok
20:05:49.0390 5308 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:05:49.0562 5308 audstub - ok
20:05:49.0687 5308 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:05:49.0859 5308 Beep - ok
20:05:50.0156 5308 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20120215.001\BHDrvx86.sys
20:05:50.0250 5308 BHDrvx86 - ok
20:05:50.0406 5308 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:05:50.0578 5308 cbidf2k - ok
20:05:50.0656 5308 cd20xrnt - ok
20:05:50.0750 5308 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:05:50.0937 5308 Cdaudio - ok
20:05:51.0093 5308 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:05:51.0296 5308 Cdfs - ok
20:05:51.0421 5308 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:05:51.0500 5308 Cdrom - ok
20:05:51.0593 5308 Changer - ok
20:05:51.0687 5308 CmdIde - ok
20:05:51.0781 5308 Cpqarray - ok
20:05:51.0843 5308 dac2w2k - ok
20:05:51.0890 5308 dac960nt - ok
20:05:52.0031 5308 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:05:52.0234 5308 Disk - ok
20:05:52.0484 5308 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:05:52.0859 5308 dmboot - ok
20:05:53.0046 5308 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:05:53.0281 5308 dmio - ok
20:05:53.0484 5308 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:05:53.0703 5308 dmload - ok
20:05:53.0937 5308 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:05:54.0156 5308 DMusic - ok
20:05:54.0375 5308 dpti2o - ok
20:05:54.0531 5308 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:05:54.0750 5308 drmkaud - ok
20:05:54.0953 5308 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
20:05:55.0031 5308 eeCtrl - ok
20:05:55.0125 5308 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:05:55.0390 5308 EraserUtilRebootDrv - ok
20:05:55.0656 5308 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:05:55.0875 5308 Fastfat - ok
20:05:56.0109 5308 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:05:56.0328 5308 Fdc - ok
20:05:56.0468 5308 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:05:56.0687 5308 Fips - ok
20:05:56.0890 5308 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:05:57.0140 5308 Flpydisk - ok
20:05:57.0531 5308 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:05:57.0750 5308 FltMgr - ok
20:05:57.0984 5308 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
20:05:58.0046 5308 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
20:05:58.0046 5308 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
20:05:58.0203 5308 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:05:58.0359 5308 Fs_Rec - ok
20:05:58.0468 5308 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:05:58.0625 5308 Ftdisk - ok
20:05:58.0734 5308 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
20:05:58.0890 5308 gagp30kx - ok
20:05:58.0984 5308 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
20:05:59.0156 5308 gameenum - ok
20:05:59.0281 5308 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:05:59.0296 5308 GearAspiWDM - ok
20:05:59.0375 5308 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
20:05:59.0390 5308 giveio ( UnsignedFile.Multi.Generic ) - warning
20:05:59.0390 5308 giveio - detected UnsignedFile.Multi.Generic (1)
20:05:59.0500 5308 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:05:59.0671 5308 Gpc - ok
20:05:59.0843 5308 GVCplDrv (f22bf7f345df95c09942951246aaa28d) C:\WINDOWS\system32\drivers\GVCplDrv.sys
20:05:59.0859 5308 GVCplDrv ( UnsignedFile.Multi.Generic ) - warning
20:05:59.0859 5308 GVCplDrv - detected UnsignedFile.Multi.Generic (1)
20:06:00.0000 5308 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:06:00.0171 5308 HidUsb - ok
20:06:00.0265 5308 hpn - ok
20:06:00.0375 5308 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:06:00.0453 5308 HTTP - ok
20:06:00.0546 5308 i2omgmt - ok
20:06:00.0593 5308 i2omp - ok
20:06:00.0671 5308 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:06:00.0843 5308 i8042prt - ok
20:06:01.0062 5308 IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20120224.002\IDSxpx86.sys
20:06:01.0078 5308 IDSxpx86 - ok
20:06:01.0203 5308 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:06:01.0390 5308 Imapi - ok
20:06:01.0500 5308 ini910u - ok
20:06:01.0640 5308 IntelC51 (92f1e6b4b7132c7cac60d8d1b7bbaf7e) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
20:06:01.0734 5308 IntelC51 - ok
20:06:01.0906 5308 IntelC52 (e1166f800977696d33a06a4d6c70d0f7) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
20:06:01.0968 5308 IntelC52 - ok
20:06:02.0078 5308 IntelC53 (48ac46af27b7155853cb3be4a5b072cd) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
20:06:02.0109 5308 IntelC53 - ok
20:06:02.0203 5308 IntelIde - ok
20:06:02.0312 5308 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:06:02.0484 5308 Ip6Fw - ok
20:06:02.0593 5308 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:06:02.0781 5308 IpFilterDriver - ok
20:06:02.0890 5308 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:06:03.0062 5308 IpInIp - ok
20:06:03.0187 5308 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:06:03.0375 5308 IpNat - ok
20:06:03.0484 5308 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:06:03.0671 5308 IPSec - ok
20:06:03.0781 5308 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:06:03.0843 5308 IRENUM - ok
20:06:03.0968 5308 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:06:04.0140 5308 isapnp - ok
20:06:04.0250 5308 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:06:04.0437 5308 Kbdclass - ok
20:06:04.0546 5308 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:06:04.0703 5308 kbdhid - ok
20:06:04.0828 5308 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:06:04.0984 5308 kmixer - ok
20:06:05.0109 5308 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:06:05.0156 5308 KSecDD - ok
20:06:05.0453 5308 lbrtfdc - ok
20:06:05.0609 5308 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:06:05.0765 5308 mnmdd - ok
20:06:05.0875 5308 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:06:06.0031 5308 Modem - ok
20:06:06.0140 5308 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
20:06:06.0328 5308 MODEMCSA - ok
20:06:06.0453 5308 mohfilt (b86b2e902d190b3726b99288af14e2d6) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
20:06:06.0468 5308 mohfilt - ok
20:06:06.0578 5308 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:06:06.0750 5308 Mouclass - ok
20:06:06.0843 5308 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:06:07.0015 5308 mouhid - ok
20:06:07.0109 5308 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:06:07.0281 5308 MountMgr - ok
20:06:07.0359 5308 mraid35x - ok
20:06:07.0437 5308 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:06:07.0625 5308 MRxDAV - ok
20:06:07.0765 5308 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:06:07.0875 5308 MRxSmb - ok
20:06:08.0015 5308 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:06:08.0171 5308 Msfs - ok
20:06:08.0312 5308 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:06:08.0500 5308 MSKSSRV - ok
20:06:08.0609 5308 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:06:08.0796 5308 MSPCLOCK - ok
20:06:08.0906 5308 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:06:09.0093 5308 MSPQM - ok
20:06:09.0187 5308 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:06:09.0375 5308 mssmbios - ok
20:06:09.0484 5308 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:06:09.0546 5308 Mup - ok
20:06:09.0750 5308 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120227.002\NAVENG.SYS
20:06:09.0765 5308 NAVENG - ok
20:06:09.0859 5308 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120227.002\NAVEX15.SYS
20:06:09.0953 5308 NAVEX15 - ok
20:06:10.0093 5308 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:06:10.0265 5308 NDIS - ok
20:06:10.0390 5308 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:06:10.0453 5308 NdisTapi - ok
20:06:10.0562 5308 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:06:10.0734 5308 Ndisuio - ok
20:06:10.0859 5308 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:06:11.0015 5308 NdisWan - ok
20:06:11.0125 5308 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:06:11.0187 5308 NDProxy - ok
20:06:11.0312 5308 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:06:11.0500 5308 NetBIOS - ok
20:06:11.0609 5308 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:06:11.0796 5308 NetBT - ok
20:06:12.0000 5308 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:06:12.0187 5308 Npfs - ok
20:06:12.0453 5308 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:06:12.0625 5308 Ntfs - ok
20:06:12.0750 5308 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:06:12.0921 5308 Null - ok
20:06:13.0093 5308 nv (c28c1472e8548756e8e8c9e8993d3257) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:06:13.0265 5308 nv - ok
20:06:13.0437 5308 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:06:13.0609 5308 NwlnkFlt - ok
20:06:13.0718 5308 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:06:13.0890 5308 NwlnkFwd - ok
20:06:13.0953 5308 PalmUSBD - ok
20:06:14.0000 5308 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:06:14.0171 5308 Parport - ok
20:06:14.0515 5308 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:06:14.0687 5308 PartMgr - ok
20:06:14.0812 5308 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:06:14.0984 5308 ParVdm - ok
20:06:15.0078 5308 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:06:15.0265 5308 PCI - ok
20:06:15.0750 5308 PCIDump - ok
20:06:15.0812 5308 PCIIde - ok
20:06:15.0890 5308 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:06:16.0046 5308 Pcmcia - ok
20:06:16.0140 5308 PDCOMP - ok
20:06:16.0187 5308 PDFRAME - ok
20:06:16.0250 5308 PDRELI - ok
20:06:16.0328 5308 PDRFRAME - ok
20:06:16.0390 5308 perc2 - ok
20:06:16.0437 5308 perc2hib - ok
20:06:16.0593 5308 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys
20:06:16.0625 5308 pfc ( UnsignedFile.Multi.Generic ) - warning
20:06:16.0625 5308 pfc - detected UnsignedFile.Multi.Generic (1)
20:06:16.0812 5308 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:06:17.0000 5308 PptpMiniport - ok
20:06:17.0093 5308 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
20:06:17.0250 5308 Processor - ok
20:06:17.0375 5308 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:06:17.0531 5308 PSched - ok
20:06:17.0656 5308 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:06:17.0796 5308 Ptilink - ok
20:06:17.0890 5308 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:06:17.0906 5308 PxHelp20 - ok
20:06:17.0953 5308 ql1080 - ok
20:06:18.0015 5308 Ql10wnt - ok
20:06:18.0078 5308 ql12160 - ok
20:06:18.0109 5308 ql1240 - ok
20:06:18.0187 5308 ql1280 - ok
20:06:18.0312 5308 RapportBuka (e2aa111b00f5205ffd52a57f48b4f642) C:\WINDOWS\system32\drivers\RapportBuka.sys
20:06:18.0343 5308 RapportBuka ( UnsignedFile.Multi.Generic ) - warning
20:06:18.0343 5308 RapportBuka - detected UnsignedFile.Multi.Generic (1)
20:06:18.0515 5308 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
20:06:18.0546 5308 RapportCerberus_34302 - ok
20:06:18.0671 5308 RapportEI (34992b59780a8a227a9eb54c97dc4608) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
20:06:18.0687 5308 RapportEI - ok
20:06:18.0843 5308 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
20:06:18.0859 5308 RapportIaso - ok
20:06:18.0968 5308 RapportKELL (a231b5552148ade82ed3dfba25919b75) C:\WINDOWS\system32\Drivers\RapportKELL.sys
20:06:18.0984 5308 RapportKELL - ok
20:06:19.0093 5308 RapportPG (060f8e34707d68178a564935ce4546eb) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
20:06:19.0109 5308 RapportPG - ok
20:06:19.0250 5308 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:06:19.0453 5308 RasAcd - ok
20:06:19.0578 5308 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:06:19.0750 5308 Rasl2tp - ok
20:06:19.0875 5308 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:06:20.0046 5308 RasPppoe - ok
20:06:20.0140 5308 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:06:20.0312 5308 Raspti - ok
20:06:20.0421 5308 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:06:20.0578 5308 Rdbss - ok
20:06:20.0687 5308 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:06:20.0875 5308 RDPCDD - ok
20:06:21.0015 5308 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:06:21.0062 5308 RDPWD - ok
20:06:21.0187 5308 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:06:21.0359 5308 redbook - ok
20:06:21.0531 5308 RTL8023 (29f9879a1fd386f7251ae9fdadb2cbf1) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
20:06:21.0609 5308 RTL8023 - ok
20:06:21.0750 5308 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
20:06:21.0921 5308 rtl8139 - ok
20:06:22.0093 5308 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:06:22.0171 5308 Secdrv - ok
20:06:22.0390 5308 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:06:22.0546 5308 serenum - ok
20:06:22.0656 5308 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:06:22.0796 5308 Serial - ok
20:06:22.0953 5308 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:06:23.0093 5308 Sfloppy - ok
20:06:23.0187 5308 Simbad - ok
20:06:23.0312 5308 Sparrow - ok
20:06:23.0390 5308 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:06:23.0531 5308 splitter - ok
20:06:23.0640 5308 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:06:23.0718 5308 sr - ok
20:06:23.0890 5308 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\NIS\1207000.00D\SRTSP.SYS
20:06:23.0937 5308 SRTSP - ok
20:06:24.0031 5308 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NIS\1207000.00D\SRTSPX.SYS
20:06:24.0046 5308 SRTSPX - ok
20:06:24.0156 5308 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:06:24.0234 5308 Srv - ok
20:06:24.0375 5308 ss_bus (5a1d0ca8a5f1e7b4ec50b9d76c001f0e) C:\WINDOWS\system32\DRIVERS\ss_bus.sys
20:06:24.0390 5308 ss_bus - ok
20:06:24.0500 5308 ss_mdfl (f0a85580e36a3a85059037d39a9cf079) C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
20:06:24.0515 5308 ss_mdfl - ok
20:06:24.0625 5308 ss_mdm (84c3dbfd1bfa4adc0a950b3d5506cb00) C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
20:06:24.0640 5308 ss_mdm - ok
20:06:24.0796 5308 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:06:24.0921 5308 swenum - ok
20:06:25.0015 5308 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:06:25.0140 5308 swmidi - ok
20:06:25.0265 5308 symc810 - ok
20:06:25.0328 5308 symc8xx - ok
20:06:25.0609 5308 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NIS\1207000.00D\SYMDS.SYS
20:06:25.0640 5308 SymDS - ok
20:06:25.0828 5308 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NIS\1207000.00D\SYMEFA.SYS
20:06:25.0875 5308 SymEFA - ok
20:06:26.0000 5308 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
20:06:26.0015 5308 SymEvent - ok
20:06:26.0125 5308 SymIM (94a2459242a6dd0daf3baa99e96784ff) C:\WINDOWS\system32\DRIVERS\SymIM.sys
20:06:26.0140 5308 SymIM - ok
20:06:26.0156 5308 SymIMMP (94a2459242a6dd0daf3baa99e96784ff) C:\WINDOWS\system32\DRIVERS\SymIM.sys
20:06:26.0187 5308 SymIMMP - ok
20:06:26.0343 5308 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NIS\1207000.00D\Ironx86.SYS
20:06:26.0359 5308 SymIRON - ok
20:06:26.0453 5308 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
20:06:26.0468 5308 symlcbrd - ok
20:06:26.0609 5308 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\NIS\1207000.00D\SYMTDI.SYS
20:06:26.0640 5308 SYMTDI - ok
20:06:26.0750 5308 sym_hi - ok
20:06:26.0812 5308 sym_u3 - ok
20:06:26.0890 5308 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:06:27.0062 5308 sysaudio - ok
20:06:27.0281 5308 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:06:27.0437 5308 Tcpip - ok
20:06:27.0562 5308 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:06:27.0734 5308 TDPIPE - ok
20:06:27.0843 5308 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:06:28.0015 5308 TDTCP - ok
20:06:28.0125 5308 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:06:28.0296 5308 TermDD - ok
20:06:28.0406 5308 TosIde - ok
20:06:28.0531 5308 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:06:28.0703 5308 Udfs - ok
20:06:28.0781 5308 ultra - ok
20:06:28.0890 5308 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:06:29.0078 5308 Update - ok
20:06:29.0218 5308 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:06:29.0375 5308 usbccgp - ok
20:06:29.0484 5308 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:06:29.0640 5308 usbehci - ok
20:06:29.0781 5308 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:06:29.0937 5308 usbhub - ok
20:06:30.0062 5308 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:06:30.0203 5308 usbprint - ok
20:06:30.0312 5308 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:06:30.0500 5308 usbscan - ok
20:06:30.0593 5308 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:06:30.0750 5308 USBSTOR - ok
20:06:30.0859 5308 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:06:31.0015 5308 usbuhci - ok
20:06:31.0140 5308 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:06:31.0281 5308 VgaSave - ok
20:06:31.0390 5308 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
20:06:31.0421 5308 viaagp1 - ok
20:06:31.0531 5308 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:06:31.0703 5308 ViaIde - ok
20:06:31.0796 5308 viasraid (1493f351e5a4b915fb5bbb735c14004b) C:\WINDOWS\system32\DRIVERS\viasraid.sys
20:06:31.0875 5308 viasraid - ok
20:06:31.0953 5308 VisorUsb - ok
20:06:32.0046 5308 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:06:32.0203 5308 VolSnap - ok
20:06:32.0359 5308 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:06:32.0531 5308 Wanarp - ok
20:06:32.0593 5308 WDICA - ok
20:06:32.0687 5308 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:06:32.0843 5308 wdmaud - ok
20:06:33.0140 5308 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:06:33.0203 5308 WudfPf - ok
20:06:33.0312 5308 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:06:33.0343 5308 WudfRd - ok
20:06:33.0453 5308 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:06:33.0625 5308 \Device\Harddisk0\DR0 - ok
20:06:33.0656 5308 Boot (0x1200) (6c6dd8149d201ec105b6e51175e2be41) \Device\Harddisk0\DR0\Partition0
20:06:33.0656 5308 \Device\Harddisk0\DR0\Partition0 - ok
20:06:33.0671 5308 ============================================================
20:06:33.0671 5308 Scan finished
20:06:33.0671 5308 ============================================================
20:06:33.0828 4628 Detected object count: 7
20:06:33.0828 4628 Actual detected object count: 7
20:07:18.0859 4628 alcan5wn ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:18.0859 4628 alcan5wn ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:07:18.0875 4628 alcaudsl ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:18.0875 4628 alcaudsl ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:07:18.0875 4628 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:18.0875 4628 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:07:18.0875 4628 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:18.0875 4628 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:07:18.0890 4628 GVCplDrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:18.0890 4628 GVCplDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:07:18.0890 4628 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:18.0890 4628 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:07:18.0906 4628 RapportBuka ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:18.0906 4628 RapportBuka ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:08:43.0828 3276 Deinitialize success
  • 0

#7
Graham56
Posted 28 February 2012 - 01:14 PM

Graham56

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Attached File  MBR.zip   499bytes   127 downloads
20:25:25.484 Disk 0 MBR scan
20:25:25.484 Disk 0 Windows XP default MBR code
20:25:25.500 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114470 MB offset 63
20:25:25.500 Disk 0 scanning sectors +234436545
20:25:25.562 Disk 0 scanning C:\WINDOWS\system32\drivers
20:25:35.343 Service scanning
20:25:50.640 Modules scanning
20:26:06.625 Disk 0 trace - called modules:
20:26:06.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
20:26:06.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8712aab8]
20:26:06.640 3 CLASSPNP.SYS[f75dcfd7] -> nt!IofCallDriver -> \Device\00000069[0x8711df18]
20:26:06.968 5 ACPI.sys[f7473620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8711a940]
20:26:06.968 Scan finished successfully
20:26:23.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\gw\Desktop\MBR.dat"
20:26:23.484 The log file has been saved successfully to "C:\Documents and Settings\gw\Desktop\aswMBR.txt"
  • 0

#8
Graham56
Posted 28 February 2012 - 01:18 PM

Graham56

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I think something went wrong with the last post
aswMBR


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-27 20:24:54
-----------------------------
20:24:54.296 OS Version: Windows 5.1.2600 Service Pack 3
20:24:54.296 Number of processors: 1 586 0xC00
20:24:54.296 ComputerName: PC1 UserName: gw
20:24:55.843 Initialize success
20:25:25.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:25:25.468 Disk 0 Vendor: WDC_WD1200BB-00GUA0 08.02D08 Size: 114472MB BusType: 3
20:25:25.484 Disk 0 MBR read successfully
20:25:25.484 Disk 0 MBR scan
20:25:25.484 Disk 0 Windows XP default MBR code
20:25:25.500 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114470 MB offset 63
20:25:25.500 Disk 0 scanning sectors +234436545
20:25:25.562 Disk 0 scanning C:\WINDOWS\system32\drivers
20:25:35.343 Service scanning
20:25:50.640 Modules scanning
20:26:06.625 Disk 0 trace - called modules:
20:26:06.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
20:26:06.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8712aab8]
20:26:06.640 3 CLASSPNP.SYS[f75dcfd7] -> nt!IofCallDriver -> \Device\00000069[0x8711df18]
20:26:06.968 5 ACPI.sys[f7473620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8711a940]
20:26:06.968 Scan finished successfully
20:26:23.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\gw\Desktop\MBR.dat"
20:26:23.484 The log file has been saved successfully to "C:\Documents and Settings\gw\Desktop\aswMBR.txt"
  • 0

#9
maliprog
Posted 28 February 2012 - 02:27 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Thank you for more info. I really think this is not malware problem. Let's try something that should work. Please read This article and do these two steps in order to solve your problem.

Please come back and report results.
  • 0

#10
Graham56
Posted 28 February 2012 - 05:50 PM

Graham56

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Have had no luck in following your recent instructions. I could not boot into safe mode using F8 (I have done this in the past so I do know how to do it). It took 6 attempts before it would boot up. The first 5 just resulted in a blank screen with the out of range message. Finally when it did boot up it ran CHKDSK which didn't seem to find any problem. I think this may have been due to the fact that I was having to close the machine down by holding down the power button.

I entered Safe Mode by running msconfig and followed the instructions. However on reaching the 'adaptor' stage there was no adaptor's default from the Refresh list choice available and likewise with the second set of instructions there was no 'change' to click following 'adaptor'.

I went into Control Panel and into the graphic drivers and chose to revert to a previous driver which now seems to allow me to boot up without the out of range problem. I would appreciate any further help you can give me.

Graham
  • 0

Advertisements

#11
maliprog
Posted 29 February 2012 - 12:46 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please restart your system and press F8 (same as for Safe Mode) but this time select Enable VGA Mode and press Enter. System will try to boot after this. Let me know results.
  • 0

#12
Graham56
Posted 29 February 2012 - 12:42 PM

Graham56

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I still cannot enter safe mode by F8 during boot. I have to let it boot then run msconfig but I see no option to select enable VGA mode.
  • 0

#13
maliprog
Posted 29 February 2012 - 01:30 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Let's try this:

  • start msconfig
  • Click on BOOT.INI tab
  • Select /BASEVIDEO option
  • Click Apply then OK button
  • When it ask you to restart click Restart button

Let me know how is your system after restart.
  • 0

#14
Graham56
Posted 29 February 2012 - 01:53 PM

Graham56

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
when windows loaded the logo began to 'fragment' by horizontal black lines aa it has been doing but then the back ground picture and icons appeared to be fairly normal, I say fairly as the resolution is diferent and the icons are quite big but the picture is very clear with normal defined edges to objects unlike previous.
I am feeling hopeful!
  • 0

#15
maliprog
Posted 29 February 2012 - 02:04 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
This is good news. Can you try connect another monitor to your system. Maybe there is something wrong with your monitor or signal cable.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP