Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

PC slow at start up

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

PC slow at start up

Unread postby riva10 » February 27th, 2011, 2:46 pm

My PC is exceptionally slow at start up. It can sometimes take up to 10 to 15 minutes before I can start to use it for simple web browsing.

I have attached a HJT log for your perusal.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:39:55, on 27/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

*.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -

c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5

-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common

Files\McAfee\SystemCore\ScriptSn.20110113223831.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program

Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1

\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} -

C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program

Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -

c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0

\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3

\LXBTtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live

Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -

http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3

\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google

Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3

\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.microsoft.com/windowsupda ... b_site.cab?

1173448410180
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1

\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1

\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\avgrsstx.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} -

C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-

3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1

\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile

Device Support\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program

Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. -

C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common

files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common

Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program

Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common

Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program

Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common

Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program

Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common

Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common

Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program

Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. -

C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program

Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 10022 bytes
riva10
Regular Member
 
Posts: 31
Joined: August 4th, 2008, 3:32 am
Advertisement
Register to Remove

Re: PC slow at start up

Unread postby Carolyn » February 27th, 2011, 2:49 pm

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems.

Please do not run any other tool untill instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Step 1

Image
Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

-----------------------------------------------------

Step 2

GMER
The downloaded file will have a random name... this prevents malware from detecting and blocking it.
Please download GMER... random file name.exe by GMER. An alternate (zip file) download site.
Note: Do not run any programs while Gmer is running.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
  1. Double click on the random named.exe to execute. If asked, allow the gmer.sys driver load.
    If using Vista, you must right click random named.exe and choose "Run As Administrator".
  2. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO <--- Important!
  3. On the right side panel, several boxes have been checked. Please UNCHECK the following: (see image below)
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All <-- don't miss this one

    Image
    Click on image to enlarge


  4. If you don't get a warning then... Click the Rootkit/Malware tab at the top of the GMER window.
  5. Click the Scan button.
  6. Once the scan has finished... click Save. The Save... window will open.
  7. Save the scan results as gmer.txt, save it to your Desktop.
  8. Double click on the desktop "gmer.txt" file, to open in Notepad.
  9. Copy and paste the contents of the file gmer.txt in your next reply.

-----------------------------------------------------

Please include the following logs in your next reply (post all logs as text, no attachments please):
  • DDS.txt
  • Attach.txt
  • gmer.txt
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: PC slow at start up

Unread postby riva10 » February 27th, 2011, 7:34 pm

Hi Carolyn,

I ran the DDS process and have attached both logs as requested.

However, when I set the GMER process running, I realised this may take some time, and left the computer to complete the task. When I returned later, I had to re-log in as my User. The pc was still on, but user was logged out. I set the process off again, and this time sat there. I missed the moment when it logged my user off, but the same happened again.
This time when I logged back in, I got an error dialogue box, Windows recovered from a serious error, and another dialogue box with the following information :-

Error signature
BCCode : c2 BCP1 : 00000040 BCP2 : 00000000 BCP3 : 80000000
BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 768_1

Reporting details
This error report includes: information regarding the condition of Microsoft Windows when the problem occured, the operating system version and computer hardware in use, and the Internet Protocol (IP) address of your computer.

I haven't tried running the GMER process again, until you advise further, but here are the two DDS logs as requested.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Andy at 20:06:05.44 on 27/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.175 [GMT 0:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Andy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110113223831.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ATIPTA] c:\ati technologies\ati control panel\atiptaxx.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Lexmark 5200 series] "c:\program files\lexmark 5200 series\lxbtbmgr.exe"
mRun: [LXBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBTtime.dll,_RunDLLEntry@16
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 3448410180
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-13 386840]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-13 84072]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-3-1 390528]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-13 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-13 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-13 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-13 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-13 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-13 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-13 141792]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [1979-12-31 491392]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-13 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-13 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-13 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-13 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-13 88544]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-21 136176]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-13 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-13 84264]
S3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\21923\RapportIaso.sys [2010-12-28 12928]

=============== Created Last 30 ================

2011-02-04 06:43:03 388096 ----a-r- c:\docume~1\andy\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-30 14:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ------w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ------w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 20:07:45.94 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 09/03/2007 12:48:34
System Uptime: 27/02/2011 18:19:48 (2 hours ago)

Motherboard: NEC COMPUTERS INTERNATIONAL | | K8T800-8237
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 754 | 2199/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 181 GiB total, 133.188 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Lexmark 5200 series
Device ID: USB\VID_043D&PID_0093&MI_00\6&20ECC8C1&1&0000
Manufacturer: Lexmark
Name: Lexmark 5200 series
PNP Device ID: USB\VID_043D&PID_0093&MI_00\6&20ECC8C1&1&0000
Service: usbscan

==== System Restore Points ===================

RP510: 03/12/2010 14:36:44 - System Checkpoint
RP511: 03/12/2010 16:32:31 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP512: 03/12/2010 16:32:58 - Installed AVG 2011
RP513: 03/12/2010 16:34:48 - Removed AVG Free 9.0
RP514: 03/12/2010 18:10:40 - Installed AVG 2011
RP515: 05/12/2010 13:45:54 - System Checkpoint
RP516: 07/12/2010 19:30:33 - System Checkpoint
RP517: 09/12/2010 20:13:19 - System Checkpoint
RP518: 11/12/2010 16:11:38 - System Checkpoint
RP519: 12/12/2010 19:46:12 - System Checkpoint
RP520: 13/12/2010 14:05:35 - Installed Planetary, Lunar, and Stellar Visibility
RP521: 13/12/2010 14:16:21 - Removed Planetary, Lunar, and Stellar Visibility
RP522: 16/12/2010 19:35:57 - System Checkpoint
RP523: 16/12/2010 20:54:01 - Software Distribution Service 3.0
RP524: 18/12/2010 14:06:51 - System Checkpoint
RP525: 19/12/2010 18:37:54 - System Checkpoint
RP526: 20/12/2010 18:21:48 - Removed AVG 2011
RP527: 20/12/2010 18:23:55 - Removed AVG 2011
RP528: 20/12/2010 23:14:27 - Installed Java(TM) 6 Update 23
RP529: 22/12/2010 18:29:41 - System Checkpoint
RP530: 23/12/2010 20:17:14 - System Checkpoint
RP531: 25/12/2010 00:03:42 - System Checkpoint
RP532: 26/12/2010 12:35:34 - System Checkpoint
RP533: 28/12/2010 12:43:42 - System Checkpoint
RP534: 29/12/2010 19:32:49 - System Checkpoint
RP535: 30/12/2010 23:25:53 - System Checkpoint
RP536: 01/01/2011 17:21:10 - System Checkpoint
RP537: 03/01/2011 10:17:05 - System Checkpoint
RP538: 04/01/2011 18:42:01 - System Checkpoint
RP539: 06/01/2011 19:01:07 - System Checkpoint
RP540: 07/01/2011 20:15:24 - System Checkpoint
RP541: 09/01/2011 14:01:12 - System Checkpoint
RP542: 10/01/2011 18:39:34 - System Checkpoint
RP543: 12/01/2011 19:40:20 - System Checkpoint
RP544: 12/01/2011 23:34:28 - Software Distribution Service 3.0
RP545: 15/01/2011 17:40:05 - System Checkpoint
RP546: 16/01/2011 18:50:55 - System Checkpoint
RP547: 19/01/2011 12:26:06 - System Checkpoint
RP548: 21/01/2011 14:24:02 - System Checkpoint
RP549: 23/01/2011 16:16:53 - System Checkpoint
RP550: 24/01/2011 20:02:59 - System Checkpoint
RP551: 26/01/2011 19:19:59 - System Checkpoint
RP552: 27/01/2011 19:23:26 - System Checkpoint
RP553: 28/01/2011 22:33:59 - System Checkpoint
RP554: 30/01/2011 20:00:27 - System Checkpoint
RP555: 02/02/2011 19:58:51 - System Checkpoint
RP556: 04/02/2011 06:43:00 - Installed HiJackThis
RP557: 05/02/2011 20:37:15 - System Checkpoint
RP558: 11/02/2011 14:06:15 - Software Distribution Service 3.0
RP559: 11/02/2011 18:01:03 - Software Distribution Service 3.0
RP560: 12/02/2011 18:01:18 - System Checkpoint
RP561: 14/02/2011 19:45:52 - System Checkpoint
RP562: 16/02/2011 20:16:27 - System Checkpoint
RP563: 18/02/2011 19:18:59 - System Checkpoint
RP564: 25/02/2011 23:17:07 - System Checkpoint
RP565: 27/02/2011 19:04:26 - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.2
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aztech CNR2900 V.90 Modem
Blubster 2.6.9
Bonjour
Compatibility Pack for the 2007 Office system
ESET Online Scanner v3
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2443685)
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Lexmark 5200 Series
LG PC Suite
LG USB Modem driver
Map Button (Windows Live Toolbar)
McAfee AntiVirus Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 7.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
OneCare Advisor (Windows Live Toolbar)
Popup Blocker (Windows Live Toolbar)
QuickTime
Rapport
RealPlayer
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Smart Menus (Windows Live Toolbar)
Sonic MyDVD
Sonic RecordNow!
Tesco Picture Suite
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2467659)
WebFldrs XP
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

27/02/2011 20:06:14, error: Service Control Manager [7016] - The SmartLinkService service has reported an invalid current state 0.
20/02/2011 13:21:35, error: Service Control Manager [7000] - The Logitech Process Monitor service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

Thanks Andy
riva10
Regular Member
 
Posts: 31
Joined: August 4th, 2008, 3:32 am

Re: PC slow at start up

Unread postby Carolyn » February 28th, 2011, 6:48 pm

McAfee may be interfering with GMER. Please disconnect from the internet before disabling McAfee. Copy these instructions to Notepad and save them on your desktop so that they will be available while you are offline.

How to disable McAfee:

  • Please open McAfee Security Centre
  • Under Common Tasks click on Home
  • Click Computer Files
  • Click Configure
  • Make sure the following are disabled by ticking the "Off" button.
    [indent]Virus protection
    Spyware protection
    System Guards Protection
    Script Scanning Protection (you may have to scroll down to see it)[/indent]
  • Next, select never for "When to re-enable real time scanning"
  • and click OK.
Further info on disabling and re-enabling McAfee: http://help.aol.com/help/microsites/microsite.do?cmd=displayKCPopup&docType=kc&externalID=222820

After you disable McAfee, try running GMER again. This time, please uncheck "Devices" before starting the scan.

Remember to re-enable McAfee before going online.

--------------------------

Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  1. Double click on mbam-setup.exe to install it.
  2. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
  3. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  4. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  5. Leave the default options as it is and click on Start Scan.
  6. When done, you will be prompted. Click OK, then click on Show Results.
  7. Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
  8. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

--------------------------

Please post the following:
  • The GMER log
  • The Malwarebytes' log
  • A new DDS.txt and Attach.txt log
  • A description of any problems you are currently having with this computer
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: PC slow at start up

Unread postby riva10 » March 2nd, 2011, 2:51 pm

Hi Carolyn,

As advised, I disabled McAfee, before I ran GMER again, using the directions given.
I watched as the PC performed it's scan, and after approx. 30 minutes, exactly the same happened again, it logged me off again, doesn't shut down completely.

It has taken me two attempts to log back in tonight, with the Windows has recovered from a Serious Error message.

I haven't done any of the other tasks yet.

Andy
riva10
Regular Member
 
Posts: 31
Joined: August 4th, 2008, 3:32 am

Re: PC slow at start up

Unread postby Carolyn » March 2nd, 2011, 8:15 pm

Hello,

Thank you for hanging in there with the GMER scan. I know how frustrating this can be.

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note:to restore your registry, go to the folder and start ERUNT.exe

--------------------------------------------

Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  1. Double click mbam-setup.exe to install the program
  2. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
  3. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  4. Disable McAfee
  5. Select the Scanner tab. Click on Perform Quick scan, then click on Scan.
  6. Leave the default options as it is and click on Start Scan.
  7. When done, you will be prompted. Click OK, then click on Show Results.
  8. Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
  9. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

--------------------------------------------

Next,
Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

--------------------------------------------

Please post the following:
  • The Malwarebytes' log
  • The OTL.txt logfile
  • The Extras.txt logfile
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: PC slow at start up

Unread postby riva10 » March 4th, 2011, 3:30 am

Hi Carolyn,

I've carried out all of the instructions as directed.

A question regarding the ERUNT process, I did only have to back up the registry, and do nothing else.

I have ran the MBAM & OTL processes. and here are the logs as requested.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5940

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/03/2011 07:11:11
mbam-log-2011-03-04 (07-11-11).txt

Scan type: Quick scan
Objects scanned: 210453
Time elapsed: 16 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EAC95A5E-B836-47A1-9508-DC5307C37003} (Rogue.Installer) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------------------------------

OTL logfile created on: 04/03/2011 07:13:46 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Andy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 204.00 Mb Available Physical Memory | 40.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.30 Gb Total Space | 132.88 Gb Free Space | 73.29% Space Free | Partition Type: NTFS

Computer Name: 040077120244 | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/04 06:29:21 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andy\Desktop\OTL.exe
PRC - [2011/01/17 16:15:32 | 001,155,768 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2010/11/22 18:15:16 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/10/03 22:43:16 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/10/03 22:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/06/04 06:14:40 | 000,094,208 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 5200 Series\lxbtbmon.exe
PRC - [2004/06/04 05:58:22 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 5200 Series\lxbtbmgr.exe
PRC - [2004/02/25 09:55:34 | 001,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/01/08 16:41:40 | 000,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe


========== Modules (SafeList) ==========

MOD - [2011/03/04 06:29:21 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andy\Desktop\OTL.exe
MOD - [2011/01/04 17:38:44 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/10/03 22:43:42 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LVPrcSrv)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/10/03 22:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2007/01/09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2004/02/25 09:55:34 | 001,123,440 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2004/02/20 15:10:08 | 000,421,888 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxbtcoms.exe -- (lxbt_device)
SRV - [2004/01/08 16:41:40 | 000,073,796 | ---- | M] (Smart Link) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)


========== Driver Services (SafeList) ==========

DRV - [2011/02/27 20:48:54 | 000,055,224 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys -- (RapportCerberus_23945)
DRV - [2010/12/28 12:15:11 | 000,012,928 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\21923\RapportIaso.sys -- (RapportIaso)
DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/10/03 22:43:44 | 000,169,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/10/03 22:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/03/01 22:46:12 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RapportBuka.sys -- (RapportBuka)
DRV - [2008/11/13 19:59:37 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007/07/11 15:51:48 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/07/11 10:45:00 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/07/11 10:40:18 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/08/30 01:49:38 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2005/08/30 01:49:34 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2005/08/30 01:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2005/06/13 10:08:36 | 000,085,664 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex)
DRV - [2005/06/13 10:06:58 | 000,087,792 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt)
DRV - [2005/06/13 10:05:16 | 000,096,224 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm)
DRV - [2005/06/13 10:05:08 | 000,009,264 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl)
DRV - [2005/06/13 10:03:12 | 000,060,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM)
DRV - [2004/08/27 15:32:16 | 000,491,392 | ---- | M] (PSH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cap713x.sys -- (Cap713x)
DRV - [2004/08/12 21:14:46 | 000,786,944 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/05/08 09:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/04/01 08:56:00 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/04/01 08:56:00 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/01/28 16:37:46 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/01/28 16:26:28 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/01/28 15:46:22 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/01/28 15:20:44 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004/01/13 16:03:30 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/12/27 03:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/12/07 16:35:44 | 000,199,088 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2002/10/04 09:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1006\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/02/28 19:14:28 | 000,000,000 | ---D | M]

[2008/07/09 17:09:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\h059mdxg.default\extensions
File not found (No name found) -- C:\PROGRAM FILES\GOOGLE\GOOGLE PHOTOS SCREENSAVER\FF_EXT
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\GOOGLE-GZFB@PARTNERS.MOZILLA.COM
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG

O1 HOSTS File: ([2010/01/03 09:53:27 | 000,000,027 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110113223831.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1006\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Lexmark 5200 series] C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LXBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.DLL (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 3448410180 (WUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\avgrsstx.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/04 06:29:17 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andy\Desktop\OTL.exe
[2011/03/04 06:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/03/03 06:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Malwarebytes
[2011/03/03 06:48:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/03 06:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/03 06:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/03 06:48:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/03 06:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/03 06:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/03 06:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/02/27 20:46:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/02/15 20:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lexmark 5200 Series
[2011/02/15 20:11:14 | 001,040,384 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbtusb1.dll
[2011/02/15 20:11:14 | 000,495,616 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbthbn1.dll
[2011/02/15 20:11:14 | 000,471,040 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbtpmui.dll
[2011/02/15 20:11:14 | 000,450,560 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbtlmpm.dll
[2011/02/15 20:11:14 | 000,421,888 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbtcoms.exe
[2011/02/15 20:11:14 | 000,385,024 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbtcomm.dll
[2011/02/15 20:11:14 | 000,344,064 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbtcfg.exe
[2011/02/15 20:11:14 | 000,126,976 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbtprox.dll
[2011/02/15 20:11:14 | 000,114,688 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbtpplc.dll
[2011/02/15 20:11:13 | 001,048,576 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbtserv.dll
[2011/02/15 20:11:13 | 000,983,107 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lxbtgf.dll
[2011/02/15 20:11:13 | 000,536,576 | ---- | C] (Lexmark International Inc.) -- C:\WINDOWS\System32\lxbtjswr.dll
[2011/02/15 20:11:13 | 000,520,192 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbtcomc.dll
[2011/02/15 20:11:13 | 000,376,832 | ---- | C] (Lexmark International Inc.) -- C:\WINDOWS\System32\lxbtutil.dll
[2011/02/15 20:11:13 | 000,090,112 | ---- | C] (Lexmark International Inc.) -- C:\WINDOWS\System32\lxbtcur.dll
[2011/02/15 20:11:13 | 000,069,632 | ---- | C] (Lexmark International Inc.) -- C:\WINDOWS\System32\lxbtcu.dll
[2011/02/15 20:11:13 | 000,065,536 | ---- | C] (Lexmark International) -- C:\WINDOWS\System32\lxbtcfg.dll
[2011/02/15 20:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 5200 Series
[2011/02/15 07:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\My Documents\HardwareHelper
[2011/02/04 06:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Start Menu\Programs\HiJackThis
[2011/02/03 22:17:09 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\Andy\Desktop\StartUpLite.exe
[2004/10/19 16:35:57 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[1979/12/31 23:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 30 Days ==========

[2011/03/04 06:33:40 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/04 06:29:21 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andy\Desktop\OTL.exe
[2011/03/04 06:25:03 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/04 06:08:10 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7217E211-FED9-470D-8F5D-6369A1D3B2BC}.job
[2011/03/04 06:07:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/04 06:05:17 | 000,001,598 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/03/04 06:04:28 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/04 06:03:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/04 06:03:36 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/27 20:12:38 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\uuof18tm.exe
[2011/02/27 20:04:57 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\dds.scr
[2011/02/27 18:39:30 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\HiJackThis.lnk
[2011/02/26 16:00:06 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/02/25 19:03:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2011/02/25 19:03:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2011/02/16 01:12:50 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lexmark 5200 Series All-In-One Center.lnk
[2011/02/11 15:04:54 | 000,301,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/11 14:31:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/11 13:52:43 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/10 06:34:56 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/02/03 22:17:10 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\Andy\Desktop\StartUpLite.exe

========== Files Created - No Company Name ==========

[2011/03/04 06:33:40 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/04 06:05:10 | 000,001,598 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/02/27 20:12:38 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\uuof18tm.exe
[2011/02/27 20:04:54 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\dds.scr
[2011/02/16 01:12:50 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lexmark 5200 Series All-In-One Center.lnk
[2011/02/15 20:11:14 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxbtih.exe
[2011/02/15 20:11:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbtvs.dll
[2011/02/15 20:11:14 | 000,001,058 | ---- | C] () -- C:\WINDOWS\System32\lxbt.loc
[2011/02/15 20:11:14 | 000,000,027 | ---- | C] () -- C:\WINDOWS\System32\lxbtprod.ver
[2011/02/15 20:11:13 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\lxbthwdf.dll
[2011/02/15 20:11:13 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lxbtcoin.dll
[2011/02/15 20:11:13 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\lxbtsnls.dll
[2011/02/15 20:11:13 | 000,001,832 | ---- | C] () -- C:\WINDOWS\System32\lxbtprod.ini
[2011/02/04 06:43:02 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\HiJackThis.lnk
[2010/12/19 15:14:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\prvlcl.dat
[2010/05/03 19:19:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/24 17:52:37 | 000,064,816 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/11/13 19:23:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/11/13 19:13:30 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/01/09 19:35:55 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/30 16:02:22 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2007/07/06 13:54:05 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\fusioncache.dat
[2007/06/21 17:57:58 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2007/06/11 17:52:05 | 000,005,670 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2007/05/07 17:37:04 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/10/19 17:01:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/19 16:49:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/19 16:45:18 | 000,005,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASIOMI.sys
[2004/10/19 16:42:10 | 000,121,050 | ---- | C] () -- C:\WINDOWS\Uninstall.exe
[2004/10/19 16:41:54 | 000,007,154 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2004/10/19 16:40:28 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/10/19 16:35:57 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2004/10/19 16:35:57 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\slmh.exe
[2004/10/19 16:35:57 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\minirec.exe
[2004/10/19 16:35:57 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2004/10/19 16:35:57 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SmCfg.exe
[2004/10/19 16:35:37 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2004/09/07 17:49:32 | 000,005,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 16:13:32 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 16:03:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 15:55:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 15:48:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 15:46:35 | 000,301,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 15:38:12 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 15:38:09 | 000,448,036 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 15:38:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 15:38:09 | 000,074,288 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 15:38:09 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 15:38:08 | 000,004,481 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 15:38:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 15:38:04 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 15:37:57 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 15:37:57 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 15:37:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 15:37:40 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/06/23 13:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1979/12/31 23:00:00 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1979/12/31 23:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[1979/12/31 23:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 04/03/2011 07:13:46 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Andy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 204.00 Mb Available Physical Memory | 40.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.30 Gb Total Space | 132.88 Gb Free Space | 73.29% Space Free | Partition Type: NTFS

Computer Name: 040077120244 | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\AOL 9.0\aol.exe" = %ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Morpheus\Morpheus.exe" = C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:Morpheus -- (Streamcast Networks, Inc)
"C:\Program Files\Blubster\Blubster.exe" = C:\Program Files\Blubster\Blubster.exe:*:Enabled:Blubster -- (MP2P Technologies.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Blubster" = Blubster 2.6.9
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lexmark 5200 Series" = Lexmark 5200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee AntiVirus Plus
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Rapport_msi" = Rapport
"RealPlayer 12.0" = RealPlayer
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SLAMRMO" = Aztech CNR2900 V.90 Modem
"Tesco Picture Suite" = Tesco Picture Suite
"Tweak UI 2.10" = Tweak UI
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1813329620-3223462588-4205438617-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/01/2011 14:39:04 | Computer Name = 040077120244 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/02/2011 14:56:08 | Computer Name = 040077120244 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/02/2011 14:56:09 | Computer Name = 040077120244 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/02/2011 14:56:10 | Computer Name = 040077120244 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/02/2011 02:33:32 | Computer Name = 040077120244 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/02/2011 03:00:30 | Computer Name = 040077120244 | Source = CardSpace 3.0.0.0 | ID = 327937
Description = An error occurrred while accessing the card collection. Either the
store directory or the store file ACLs were found to be tampered. The ACLs have
now been restored to their default settings. Additional Information: at System.Environment.GetStackTrace(Exception
e, Boolean needFileInfo) at System.Environment.get_StackTrace() at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException
ie) at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception
e) at Microsoft.InfoCards.FileDataSource.LogIfAclsTampered(FileSystemInfo fileSysInfo)

at Microsoft.InfoCards.FileDataSource.OpenOrCreateHelper(FileInfo theFile, FileStream&
fileStream) at Microsoft.InfoCards.FileDataSource.CreateDirAndFiles() at Microsoft.InfoCards.FileDataSource.OnLoad()

at Microsoft.InfoCards.StoreConnection.Load() at Microsoft.InfoCards.StoreConnection.GetConnection(WindowsIdentity
identity, Boolean allowCreate) at Microsoft.InfoCards.StoreConnection.CreateConnection()

at Microsoft.InfoCards.ClientUIRequest.OnInitializeAsUser() at Microsoft.InfoCards.Request.Initialize()

at Microsoft.InfoCards.RequestFactory.CreateClientRequestInstance(UIAgentMonitorHandle
monitorHandle, String reqName, IntPtr rpcHandle, Stream inStream, Stream outStream)

at Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle,
IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs)

Error - 11/02/2011 12:58:43 | Computer Name = 040077120244 | Source = crypt32 | ID = 131075
Description = Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The server returned an invalid or unrecognized response

Error - 15/02/2011 03:17:57 | Computer Name = 040077120244 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 20/02/2011 09:27:14 | Computer Name = 040077120244 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 02/03/2011 14:16:21 | Computer Name = 040077120244 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.

[ System Events ]
Error - 02/03/2011 14:16:23 | Computer Name = 040077120244 | Source = System Error | ID = 1003
Description = Error code 000000c2, parameter1 00000040, parameter2 00000000, parameter3
80000000, parameter4 00000000.

Error - 02/03/2011 14:17:28 | Computer Name = 040077120244 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service gusvc with
arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 02/03/2011 14:17:31 | Computer Name = 040077120244 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Software Updater
service to connect.

Error - 02/03/2011 14:19:37 | Computer Name = 040077120244 | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 02/03/2011 14:20:15 | Computer Name = 040077120244 | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 02/03/2011 14:29:28 | Computer Name = 040077120244 | Source = Service Control Manager | ID = 7000
Description = The Logitech Process Monitor service failed to start due to the following
error: %%2

Error - 02/03/2011 14:39:57 | Computer Name = 040077120244 | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 03/03/2011 02:04:42 | Computer Name = 040077120244 | Source = Service Control Manager | ID = 7000
Description = The Logitech Process Monitor service failed to start due to the following
error: %%2

Error - 04/03/2011 02:05:27 | Computer Name = 040077120244 | Source = Service Control Manager | ID = 7000
Description = The Logitech Process Monitor service failed to start due to the following
error: %%2

Error - 04/03/2011 02:08:50 | Computer Name = 040077120244 | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.


< End of report >

Thank you Andy
riva10
Regular Member
 
Posts: 31
Joined: August 4th, 2008, 3:32 am

Re: PC slow at start up

Unread postby Carolyn » March 5th, 2011, 2:22 pm

Hello Andy,

A question regarding the ERUNT process, I did only have to back up the registry, and do nothing else.


Yes, but it is always a good idea to back up important files and folders.

==============================

ESET online scannner


Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to ESET online scannner
  • Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic along with a fresh OTL log.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: PC slow at start up

Unread postby riva10 » March 5th, 2011, 8:45 pm

Hi Carolyn,

While waiting for your latest instructions, I checked the Task Manager after logging in.
There are two processes which appear to have a slow down effect on the PC, they are :
wuauclt.exe & svchost.exe. I'm not sure what these are.

I set the ESET programme away & left it running. When I returned, the scan was complete, but the whole PC had frozen, so I had to hold in the start button to shut it down.
It then took at least 5 minutes to get to the user log on screen.

I have attached the ESET log & OTL logs as requested. Incidentally OTL produced "Extras" log which I've also attached.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=f8b0098bce2076479bbb3d7980e128fb
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-05 10:54:19
# local_time=2011-03-05 10:54:19 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 37534960 37534960 0 0
# compatibility_mode=1024 16777215 100 0 6485597 6485597 0 0
# compatibility_mode=5121 16777173 100 75 4338036 12869057 0 0
# compatibility_mode=8192 67108863 100 0 36638405 36638405 0 0
# scanned=139578
# found=0
# cleaned=0
# scan_time=12941

-------------------------------------------

OTL logfile created on: 06/03/2011 00:26:26 - Run 2
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Andy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 165.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.30 Gb Total Space | 133.33 Gb Free Space | 73.54% Space Free | Partition Type: NTFS

Computer Name: 040077120244 | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/04 06:29:21 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andy\Desktop\OTL.exe
PRC - [2010/11/22 18:15:16 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/10/03 22:43:16 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/10/03 22:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/03/25 13:44:28 | 000,094,208 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 5200 Series\lxbtbmon.exe
PRC - [2004/03/25 13:30:30 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 5200 Series\lxbtbmgr.exe
PRC - [2004/02/25 09:55:34 | 001,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/01/08 16:41:40 | 000,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe


========== Modules (SafeList) ==========

MOD - [2011/03/04 06:29:21 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andy\Desktop\OTL.exe
MOD - [2011/01/04 17:38:44 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/10/03 22:43:42 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LVPrcSrv)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/10/03 22:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2007/01/09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2004/02/25 09:55:34 | 001,123,440 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2004/02/20 15:10:08 | 000,421,888 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxbtcoms.exe -- (lxbt_device)
SRV - [2004/01/08 16:41:40 | 000,073,796 | ---- | M] (Smart Link) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)


========== Driver Services (SafeList) ==========

DRV - [2011/02/27 20:48:54 | 000,055,224 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys -- (RapportCerberus_23945)
DRV - [2010/12/28 12:15:11 | 000,012,928 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\21923\RapportIaso.sys -- (RapportIaso)
DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/10/03 22:43:44 | 000,169,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/10/03 22:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/03/01 22:46:12 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RapportBuka.sys -- (RapportBuka)
DRV - [2008/11/13 19:59:37 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007/07/11 15:51:48 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/07/11 10:45:00 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/07/11 10:40:18 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/08/30 01:49:38 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2005/08/30 01:49:34 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2005/08/30 01:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2005/06/13 10:08:36 | 000,085,664 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex)
DRV - [2005/06/13 10:06:58 | 000,087,792 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt)
DRV - [2005/06/13 10:05:16 | 000,096,224 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm)
DRV - [2005/06/13 10:05:08 | 000,009,264 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl)
DRV - [2005/06/13 10:03:12 | 000,060,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM)
DRV - [2004/08/27 15:32:16 | 000,491,392 | ---- | M] (PSH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cap713x.sys -- (Cap713x)
DRV - [2004/08/12 21:14:46 | 000,786,944 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/05/08 09:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/04/01 08:56:00 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/04/01 08:56:00 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/01/28 16:37:46 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/01/28 16:26:28 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/01/28 15:46:22 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/01/28 15:20:44 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004/01/13 16:03:30 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/12/27 03:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/12/07 16:35:44 | 000,199,088 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2002/10/04 09:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1006\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1008\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1008\..\URLSearchHook: *{D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1008\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\..\URLSearchHook: *{D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1018\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1018\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/02/28 19:14:28 | 000,000,000 | ---D | M]

[2008/07/09 17:09:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\h059mdxg.default\extensions
File not found (No name found) -- C:\PROGRAM FILES\GOOGLE\GOOGLE PHOTOS SCREENSAVER\FF_EXT
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\GOOGLE-GZFB@PARTNERS.MOZILLA.COM
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG

O1 HOSTS File: ([2010/01/03 09:53:27 | 000,000,027 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110113223831.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1006\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1008\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1008\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1018\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Lexmark 5200 series] C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LXBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.DLL (Lexmark International, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1008..\Run: [LDM] File not found
O4 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009..\Run: [LDM] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 1
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 12
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 1
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 1
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 1
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 1
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 12
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 1
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 1
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 1
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1018\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1018\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 3448410180 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\avgrsstx.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/06 00:14:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/03/04 06:29:17 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andy\Desktop\OTL.exe
[2011/03/03 06:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Malwarebytes
[2011/03/03 06:48:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/03 06:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/03 06:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/03 06:48:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/03 06:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/03 06:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/03 06:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/02/27 20:46:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/02/15 20:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lexmark 5200 Series
[2011/02/15 20:11:14 | 001,040,384 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbtusb1.dll
[2011/02/15 20:11:14 | 000,495,616 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbthbn1.dll
[2011/02/15 20:11:14 | 000,471,040 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbtpmui.dll
[2011/02/15 20:11:14 | 000,450,560 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbtlmpm.dll
[2011/02/15 20:11:14 | 000,421,888 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbtcoms.exe
[2011/02/15 20:11:14 | 000,385,024 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbtcomm.dll
[2011/02/15 20:11:14 | 000,344,064 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbtcfg.exe
[2011/02/15 20:11:14 | 000,126,976 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbtprox.dll
[2011/02/15 20:11:14 | 000,114,688 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbtpplc.dll
[2011/02/15 20:11:13 | 001,048,576 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbtserv.dll
[2011/02/15 20:11:13 | 000,983,107 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lxbtgf.dll
[2011/02/15 20:11:13 | 000,536,576 | ---- | C] (Lexmark International Inc.) -- C:\WINDOWS\System32\lxbtjswr.dll
[2011/02/15 20:11:13 | 000,520,192 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbtcomc.dll
[2011/02/15 20:11:13 | 000,376,832 | ---- | C] (Lexmark International Inc.) -- C:\WINDOWS\System32\lxbtutil.dll
[2011/02/15 20:11:13 | 000,090,112 | ---- | C] (Lexmark International Inc.) -- C:\WINDOWS\System32\lxbtcur.dll
[2011/02/15 20:11:13 | 000,069,632 | ---- | C] (Lexmark International Inc.) -- C:\WINDOWS\System32\lxbtcu.dll
[2011/02/15 20:11:13 | 000,065,536 | ---- | C] (Lexmark International) -- C:\WINDOWS\System32\lxbtcfg.dll
[2011/02/15 20:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 5200 Series
[2011/02/15 07:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\My Documents\HardwareHelper
[2011/02/04 06:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Start Menu\Programs\HiJackThis
[2004/10/19 16:35:57 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[1979/12/31 23:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 30 Days ==========

[2011/03/06 00:25:07 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/06 00:14:07 | 000,001,598 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/03/06 00:11:17 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/06 00:10:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/06 00:10:48 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/05 19:00:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/03/05 18:32:38 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7217E211-FED9-470D-8F5D-6369A1D3B2BC}.job
[2011/03/05 12:22:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/04 06:33:40 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/04 06:29:21 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andy\Desktop\OTL.exe
[2011/02/27 20:12:38 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\uuof18tm.exe
[2011/02/27 20:04:57 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\dds.scr
[2011/02/27 18:39:30 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\HiJackThis.lnk
[2011/02/25 19:03:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2011/02/25 19:03:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2011/02/16 01:12:50 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lexmark 5200 Series All-In-One Center.lnk
[2011/02/11 15:04:54 | 000,301,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/11 14:31:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/11 13:52:43 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/10 06:34:56 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2011/03/04 14:19:03 | 000,001,598 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/03/04 06:33:40 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/27 20:12:38 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\uuof18tm.exe
[2011/02/27 20:04:54 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\dds.scr
[2011/02/16 01:12:50 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lexmark 5200 Series All-In-One Center.lnk
[2011/02/15 20:11:14 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxbtih.exe
[2011/02/15 20:11:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbtvs.dll
[2011/02/15 20:11:14 | 000,001,058 | ---- | C] () -- C:\WINDOWS\System32\lxbt.loc
[2011/02/15 20:11:14 | 000,000,026 | R--- | C] () -- C:\WINDOWS\System32\lxbtprod.ver
[2011/02/15 20:11:13 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\lxbthwdf.dll
[2011/02/15 20:11:13 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lxbtcoin.dll
[2011/02/15 20:11:13 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\lxbtsnls.dll
[2011/02/15 20:11:13 | 000,001,832 | ---- | C] () -- C:\WINDOWS\System32\lxbtprod.ini
[2011/02/04 06:43:02 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\HiJackThis.lnk
[2010/12/19 15:14:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\prvlcl.dat
[2010/05/03 19:19:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/24 17:52:37 | 000,064,816 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/11/13 19:23:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/11/13 19:13:30 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/01/09 19:35:55 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/30 16:02:22 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2007/07/06 13:54:05 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\fusioncache.dat
[2007/06/21 17:57:58 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2007/06/11 17:52:05 | 000,005,670 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2007/05/07 17:37:04 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/10/19 17:01:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/19 16:49:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/19 16:45:18 | 000,005,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASIOMI.sys
[2004/10/19 16:42:10 | 000,121,050 | ---- | C] () -- C:\WINDOWS\Uninstall.exe
[2004/10/19 16:41:54 | 000,007,154 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2004/10/19 16:40:28 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/10/19 16:35:57 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2004/10/19 16:35:57 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\slmh.exe
[2004/10/19 16:35:57 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\minirec.exe
[2004/10/19 16:35:57 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2004/10/19 16:35:57 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SmCfg.exe
[2004/10/19 16:35:37 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2004/09/07 17:49:32 | 000,005,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 16:13:32 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 16:03:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 15:55:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 15:48:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 15:46:35 | 000,301,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 15:38:12 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 15:38:09 | 000,448,036 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 15:38:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 15:38:09 | 000,074,288 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 15:38:09 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 15:38:08 | 000,004,481 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 15:38:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 15:38:04 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 15:37:57 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 15:37:57 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 15:37:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 15:37:40 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/06/23 13:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1979/12/31 23:00:00 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1979/12/31 23:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[1979/12/31 23:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


OTL Extras logfile created on: 06/03/2011 00:26:26 - Run 2
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Andy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 165.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.30 Gb Total Space | 133.33 Gb Free Space | 73.54% Space Free | Partition Type: NTFS

Computer Name: 040077120244 | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\AOL 9.0\aol.exe" = %ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Morpheus\Morpheus.exe" = C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:Morpheus -- (Streamcast Networks, Inc)
"C:\Program Files\Blubster\Blubster.exe" = C:\Program Files\Blubster\Blubster.exe:*:Enabled:Blubster -- (MP2P Technologies.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Blubster" = Blubster 2.6.9
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lexmark 5200 Series" = Lexmark 5200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee AntiVirus Plus
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Rapport_msi" = Rapport
"RealPlayer 12.0" = RealPlayer
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SLAMRMO" = Aztech CNR2900 V.90 Modem
"Tesco Picture Suite" = Tesco Picture Suite
"Tweak UI 2.10" = Tweak UI
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1813329620-3223462588-4205438617-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/01/2011 14:39:04 | Computer Name = 040077120244 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/02/2011 14:56:08 | Computer Name = 040077120244 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/02/2011 14:56:09 | Computer Name = 040077120244 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/02/2011 14:56:10 | Computer Name = 040077120244 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/02/2011 02:33:32 | Computer Name = 040077120244 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/02/2011 03:00:30 | Computer Name = 040077120244 | Source = CardSpace 3.0.0.0 | ID = 327937
Description = An error occurrred while accessing the card collection. Either the
store directory or the store file ACLs were found to be tampered. The ACLs have
now been restored to their default settings. Additional Information: at System.Environment.GetStackTrace(Exception
e, Boolean needFileInfo) at System.Environment.get_StackTrace() at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException
ie) at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception
e) at Microsoft.InfoCards.FileDataSource.LogIfAclsTampered(FileSystemInfo fileSysInfo)

at Microsoft.InfoCards.FileDataSource.OpenOrCreateHelper(FileInfo theFile, FileStream&
fileStream) at Microsoft.InfoCards.FileDataSource.CreateDirAndFiles() at Microsoft.InfoCards.FileDataSource.OnLoad()

at Microsoft.InfoCards.StoreConnection.Load() at Microsoft.InfoCards.StoreConnection.GetConnection(WindowsIdentity
identity, Boolean allowCreate) at Microsoft.InfoCards.StoreConnection.CreateConnection()

at Microsoft.InfoCards.ClientUIRequest.OnInitializeAsUser() at Microsoft.InfoCards.Request.Initialize()

at Microsoft.InfoCards.RequestFactory.CreateClientRequestInstance(UIAgentMonitorHandle
monitorHandle, String reqName, IntPtr rpcHandle, Stream inStream, Stream outStream)

at Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle,
IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs)

Error - 11/02/2011 12:58:43 | Computer Name = 040077120244 | Source = crypt32 | ID = 131075
Description = Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The server returned an invalid or unrecognized response

Error - 15/02/2011 03:17:57 | Computer Name = 040077120244 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 20/02/2011 09:27:14 | Computer Name = 040077120244 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 02/03/2011 14:16:21 | Computer Name = 040077120244 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.

[ System Events ]
Error - 03/03/2011 02:04:42 | Computer Name = 040077120244 | Source = Service Control Manager | ID = 7000
Description = The Logitech Process Monitor service failed to start due to the following
error: %%2

Error - 04/03/2011 02:05:27 | Computer Name = 040077120244 | Source = Service Control Manager | ID = 7000
Description = The Logitech Process Monitor service failed to start due to the following
error: %%2

Error - 04/03/2011 02:08:50 | Computer Name = 040077120244 | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 04/03/2011 10:18:40 | Computer Name = 040077120244 | Source = Service Control Manager | ID = 7000
Description = The Logitech Process Monitor service failed to start due to the following
error: %%2

Error - 04/03/2011 10:35:25 | Computer Name = 040077120244 | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 05/03/2011 08:19:45 | Computer Name = 040077120244 | Source = Service Control Manager | ID = 7000
Description = The Logitech Process Monitor service failed to start due to the following
error: %%2

Error - 05/03/2011 08:25:43 | Computer Name = 040077120244 | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 05/03/2011 08:28:03 | Computer Name = 040077120244 | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 05/03/2011 08:30:44 | Computer Name = 040077120244 | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 05/03/2011 20:12:39 | Computer Name = 040077120244 | Source = Service Control Manager | ID = 7000
Description = The Logitech Process Monitor service failed to start due to the following
error: %%2


< End of report >

Thank you, Andy.
riva10
Regular Member
 
Posts: 31
Joined: August 4th, 2008, 3:32 am

Re: PC slow at start up

Unread postby Carolyn » March 6th, 2011, 6:57 pm

Hello,

There are two processes which appear to have a slow down effect on the PC, they are :
wuauclt.exe & svchost.exe. I'm not sure what these are.


Those are both legitimate Windows processes.

I'm not seeing any signs of active malware in your logs. I suspect the system is slow because it is low on RAM.

511.00 Mb Total Physical Memory | 165.00 Mb Available Physical Memory | 32.00% Memory free


Let's clean up a few things using OTL...

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note:to restore your registry, go to the folder and start ERUNT.exe

Run a custome OTL script
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :OTL
    SRV - [2007/01/09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
    IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
    IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1008\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1008\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\..\URLSearchHook: *{D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - Reg Error: Key error. File not found
    File not found (No name found) -- C:\PROGRAM FILES\GOOGLE\GOOGLE PHOTOS SCREENSAVER\FF_EXT
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\GOOGLE-GZFB@PARTNERS.MOZILLA.COM
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG
    O3 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1008\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O4 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1008..\Run: [LDM] File not found
    O4 - HKU\S-1-5-21-1813329620-3223462588-4205438617-1009..\Run: [LDM] File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\avgrsstx.dll) - File not found
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Morpheus\Morpheus.exe"=-
    "C:\Program Files\AVG\AVG10\avgmfapx.exe"=-
    
    :Commands
    [emptytemp]
    

  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: PC slow at start up

Unread postby riva10 » March 7th, 2011, 5:58 pm

Hi Carolyn,

I backed up the registry with ERUNT and ran the OTL fix.

Here is the requested log.

All processes killed
========== OTL ==========
Service CLTNetCnService stopped successfully!
Service CLTNetCnService deleted successfully!
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe moved successfully.
Unable to set value : HKU\S-1-5-21-1813329620-3223462588-4205438617-1008\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E!
Registry key HKEY_USERS\S-1-5-21-1813329620-3223462588-4205438617-1008\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1813329620-3223462588-4205438617-1008\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_USERS\S-1-5-21-1813329620-3223462588-4205438617-1009\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
Registry key HKEY_USERS\S-1-5-21-1813329620-3223462588-4205438617-1009\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_USERS\S-1-5-21-1813329620-3223462588-4205438617-1009\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{D73F49B6-B51B-4d32-A3B7-BD04B8342F53}\ not found.
Registry key HKEY_USERS\S-1-5-21-1813329620-3223462588-4205438617-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1813329620-3223462588-4205438617-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry key HKEY_USERS\S-1-5-21-1813329620-3223462588-4205438617-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry key HKEY_USERS\S-1-5-21-1813329620-3223462588-4205438617-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1813329620-3223462588-4205438617-1008\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-1813329620-3223462588-4205438617-1009\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\avgrsstx.dll deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Morpheus\Morpheus.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG10\avgmfapx.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Andy
->Temp folder emptied: 3758505 bytes
->Temporary Internet Files folder emptied: 162072066 bytes
->Java cache emptied: 11700 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 31179 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lesley
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lesley.040077120244

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 744224 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 345133238 bytes

Total Files Cleaned = 488.00 mb


OTL by OldTimer - Version 3.2.22.2 log created on 03072011_191108

Files\Folders moved on Reboot...
C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\EPEBLBJP\favicon[6].ico moved successfully.
C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\EPEBLBJP\favicon[7].ico moved successfully.
C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\AVUQ5CZU\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_508.dat not found!

Registry entries deleted on Reboot...

Thank you, Andy
riva10
Regular Member
 
Posts: 31
Joined: August 4th, 2008, 3:32 am

Re: PC slow at start up

Unread postby Carolyn » March 9th, 2011, 7:56 am

Hello Andy,

Uninstall Outdated Programs
Please Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove

Adobe Reader 9.4.2
Java(TM) 6 Update 23

=============================

Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (10.0.1).
    Note: Uncheck Free McAfee® Security Scan Plus (optional)

=============================

Update Java SE Runtime Environment (JRE).
Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 24.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

=============================

Your computer running slow is not malware related. Adding RAM would go a long way to improving the computer's performance. Also, take a look at the recommendations here, What to do if your Computer is running slowly

=============================

This is my general post for when your logs show no signs of malware ;)-

    CleanUp! with OTL
    • Double click OTL.exe to launch the program.
    • Click on the CleanUp! button.
    • OTL will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • When finished exit out of OTL
    • The tool will delete itself once it finishes, if not delete it by yourself.

    Protection Programs
    Don't forget to re-enable any protection programs we disabled during your fix.

    General Security and Computer Health
    Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

    • Clear Infected System Restore Points
      For Windows XP:
      • Click start-->Run and type cleanmgr into the run box and then click "OK".
      • Select the drive where Windows is installed (if you have more than one drive) and click "OK".
      • When the scan completes, check/uncheck desired boxes.
      • Next, please click the More Options tab at the top.
      • Click the "Clean up..." button under the System Restore section at the bottom.
      • Answer Yes to the question "Are you sure you want to delete all but the most recent restore point?", click OK and answer Yes again.
      • The disk clean up utility will remove the selected items. When it completes, please restart the computer to properly record the changes made to the hard disk.

      For Windows Vista and Windows 7:
      • Click start, type Disk Cleanup in the search box
      • Right-Click Disk Cleanup and select "Run as Administrator" and accept the UAC elevation prompt.
      • Select the drive where Windows is installed (if you have more than one drive) and click "OK".
      • When the scan completes, check/uncheck desired boxes.
      • Next, please click the More Options tab at the top.
      • Click the "Clean up..." button under the "System Restore and Shadow Copies" section at the bottom.
      • Click Delete in response to the question "Are you sure you want to delete all but the most recent restore point?", click OK and answer Yes again.
      • The disk clean up utility will remove the selected items. When it completes, please restart the computer to properly record the changes made to the hard disk.

    • Set correct settings for files
      • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
      • Under Hidden files and folders if necessary select Do not show hidden files and folders.
      • If unchecked please check Hide protected operating system files (Recommended)
      • If necessary check Display content of system folders
      • If necessary Uncheck Hide file extensions for known file types.
      • Click OK


    • Make sure that you keep your antivirus updated
      New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
      Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

    • Security Updates for Windows, Internet Explorer & Microsoft Office
      Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
      Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.

    • Update Non-Microsoft Programs
      Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


    Recommended Programs

    I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

    • WinPatrol
      As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.

    • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

    • Malwarebytes' Anti-Malware or SuperAntiSpyware
      These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built in protection monitor that blocks malicious processes before they even start.
      You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.
      You can download SuperAntiSpyware from HERE.

    • Hosts File
      For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.

      Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
      If this isn't done first, the next reboot may take a VERY LONG TIME.
      This is how to do it. First be sure you are signed in as a user with administrative privileges:
      Stop and Disable the DNS Client Service
      Go to Start, Run and type Services.msc and click OK.
      Under the Extended Tab, Scroll down and find this service.
      DNS Client
      Right-Click on the DNS Client Service. Choose Properties
      Select the General tab. Click on the Stop button.
      Click the Arrow-down tab on the right-hand side at the Start-up Type box.
      From the drop-down menu, click on Manual
      Click the Apply tab, then click OK


    • Use an alternative Internet Browser
      Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
      Firefox
      Opera


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article How to prevent Malware by miekiemoes.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: PC slow at start up

Unread postby riva10 » March 9th, 2011, 7:44 pm

Hi Carolyn, many thanks for your help.

I've performed most of the tasks advised, and have no more questions.

Andy
riva10
Regular Member
 
Posts: 31
Joined: August 4th, 2008, 3:32 am

Re: PC slow at start up

Unread postby Carolyn » March 9th, 2011, 8:11 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 46 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware