Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I've got so far - now need a little help please

Post by meangreeny » September 6th, 2011, 7:19 pm

Hi All,

I've been 'tasked' with helping a relative's laptop recover from slow running and a 'damn monkey popping up everywhere'. I think I've managed to sort the monkey [SweetIM] but would like some reassurance that 1] it's finally gone and 2] there is nothing else lurking in the hidden recesses of the OS.

I installed Malwarebytes, which got rid of a couple of trojans/toolbars, and a reboot/2nd full scan reveals nothing further.

I'd appreciate someone looking over the following and giving me some advice.

Thanks in anticipation

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by bt2851 at 23:55:47 on 2011-09-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2937.1238 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\SysWOW64\SAgent4.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files (x86)\Free Ride Games\GPlayer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\SymErr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Bar =
mStart Page = hxxp://www.google.co.uk
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {F92A9FE4-2850-4198-B9D5-279880E49B16} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
StartupFolder: C:\Users\bt2851\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A86212AF-FEC7-4A24-88EB-4348EBAE599C} : DhcpNameServer = 100.100.0.103
TCP: Interfaces\{FFA85CC0-7761-41EE-A5E0-F06B4B5FC3F8} : DhcpNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {F92A9FE4-2850-4198-B9D5-279880E49B16} - No File
TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-8-16 1151096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110903.030\IDSviA64.sys [2011-9-6 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-9-9 1737464]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-5-11 130008]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-8-6 116104]
R2 X5XSEx;X5XSEx;C:\Program Files (x86)\Free Ride Games\X5XSEx.sys [2010-7-4 55328]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-31 136824]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-11-1 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-29 135664]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-29 135664]
S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\system32\DRIVERS\ewusbdev.sys --> C:\Windows\system32\DRIVERS\ewusbdev.sys [?]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-09-06 20:46:26 -------- d-----w- C:\Program Files\Unlocker
2011-09-06 20:38:44 -------- d-----w- C:\Program Files (x86)\Unlocker
2011-09-06 19:54:17 -------- d-----w- C:\ProgramData\1133A
2011-09-06 19:45:13 -------- d-----w- C:\Users\bt2851\AppData\Roaming\Malwarebytes
2011-09-06 19:45:04 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-06 19:45:03 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-06 19:45:00 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-06 19:45:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-06 19:24:49 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 14:06:31 -------- d-----w- C:\Users\bt2851\AppData\Local\{C7E5E48E-E8BB-48A3-9196-9CD676EAF502}
2011-09-06 14:05:52 -------- d-----w- C:\Users\bt2851\AppData\Local\{878C881D-6CCD-4D06-B0E7-7DDB82D2C642}
2011-09-04 15:53:51 -------- d-----w- C:\Users\bt2851\AppData\Local\{8487FA63-1D07-4E3F-AEF0-795513DAC98E}
2011-09-04 15:53:10 -------- d-----w- C:\Users\bt2851\AppData\Local\{0104F994-7583-47CC-A6E6-31A8D4FAE4CF}
2011-09-03 08:38:51 -------- d-----w- C:\Users\bt2851\AppData\Local\{8BED7FE0-12D9-41D3-A935-5490CEBA67AC}
2011-09-03 08:38:41 -------- d-----w- C:\Users\bt2851\AppData\Local\{818AA4F7-6125-4909-B5A6-AE870E6C0885}
2011-09-01 16:14:14 -------- d-----w- C:\Users\bt2851\AppData\Local\{5E2715A5-ACD6-4524-A685-7D5B46AAC549}
2011-09-01 16:14:03 -------- d-----w- C:\Users\bt2851\AppData\Local\{DD7E1ADD-5377-4B10-BB51-0CB4739A9F27}
2011-08-30 18:06:11 -------- d-----w- C:\Users\bt2851\AppData\Local\{2D52993F-33EE-449D-85E7-AAF5EC6FC54A}
2011-08-30 18:05:04 -------- d-----w- C:\Users\bt2851\AppData\Local\{B645E426-4909-48A5-8210-0D95D83C3926}
2011-08-29 19:10:05 -------- d-----w- C:\Users\bt2851\AppData\Local\{A30AC7A3-4593-452A-8B27-1D785871A748}
2011-08-29 12:46:01 -------- d-----w- C:\Users\bt2851\AppData\Local\{CE9D571C-737C-4C26-9C70-C9585B619D61}
2011-08-29 12:41:43 -------- d-----w- C:\Windows\en
2011-08-29 12:38:26 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-29 12:31:26 -------- d-----w- C:\Users\bt2851\AppData\Local\{7DD1DE99-2E46-450A-A5F6-27B8CBCA6A50}
2011-08-29 12:30:46 -------- d-----w- C:\Users\bt2851\AppData\Local\{35750C56-25C6-4DEC-8C5B-822427CD8619}
2011-08-29 12:13:07 -------- d-----w- C:\Users\bt2851\AppData\Local\{954E70CA-6041-48FA-83F2-5EC5921840F8}
2011-08-29 12:11:29 -------- d-----w- C:\Users\bt2851\AppData\Local\{B477906B-7599-4476-B637-6A519429F10F}
2011-08-29 11:55:50 -------- d-----w- C:\Users\bt2851\AppData\Local\{599073ED-B5EC-4A46-80D8-B629A2CFCB5F}
2011-08-29 08:44:38 -------- d-----w- C:\Users\bt2851\AppData\Local\{ABB6B809-D0C5-4216-B337-84FF512B8DC8}
2011-08-29 08:44:36 -------- d-----w- C:\Users\bt2851\AppData\Local\{4450FC94-53D0-42F0-BE1C-A8A4EBC69F72}
2011-08-29 08:44:34 -------- d-----w- C:\Users\bt2851\AppData\Local\{17B0E4D8-425A-470E-86E8-6C866357807C}
2011-08-29 08:44:27 -------- d-----w- C:\Users\bt2851\AppData\Local\{E9948AB1-7B78-424A-A91A-84274ED5EEDB}
2011-08-29 08:37:54 -------- d-----w- C:\Users\bt2851\AppData\Local\{90932A38-65A9-42C2-A14F-0BEBB9071291}
2011-08-28 18:08:56 -------- d-----w- C:\Users\bt2851\AppData\Local\{BE09B06D-6787-476B-94C5-A19C835744BE}
2011-08-28 18:07:37 -------- d-----w- C:\Users\bt2851\AppData\Local\{8158AB6E-638A-4501-A2A1-EEF65CE138A3}
2011-08-28 14:53:24 -------- d-----w- C:\Users\bt2851\AppData\Local\{C86E7D48-8A85-4CE6-82F9-13A841779D0F}
2011-08-28 14:31:35 -------- d-----w- C:\Users\bt2851\AppData\Local\{F3A05D44-2E75-46DE-91FB-73425AC63321}
2011-08-27 15:21:11 -------- d-----w- C:\Users\bt2851\AppData\Local\{A39EF699-751B-46E3-A001-66971FB2DB45}
2011-08-27 15:20:01 -------- d-----w- C:\Users\bt2851\AppData\Local\{4602FAB8-3B53-4549-89EF-CF5CE0E26DA5}
2011-08-27 08:06:14 -------- d-----w- C:\Users\bt2851\AppData\Local\{BD033281-1D9A-4D87-9C42-873FAE82A21E}
2011-08-27 08:05:31 -------- d-----w- C:\Users\bt2851\AppData\Local\{D5400B39-CBDC-4419-B0D8-261CE4DE00B2}
2011-08-26 10:47:45 -------- d-----w- C:\Users\bt2851\AppData\Local\{3AE660C1-9C2F-47BD-8CCA-C8EDE85EA218}
2011-08-26 10:45:38 -------- d-----w- C:\Users\bt2851\AppData\Local\{723F2C0D-56D1-4E6B-A585-0FCD5DA2B333}
2011-08-23 20:05:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-23 20:05:10 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-23 18:24:53 -------- d-----w- C:\Users\bt2851\AppData\Local\{02EB04E6-FF65-4750-ACB2-30453E238F88}
2011-08-23 18:23:35 -------- d-----w- C:\Users\bt2851\AppData\Local\{C05BFC52-F55B-46DE-AF87-E45584F54658}
2011-08-22 19:23:36 -------- d-----w- C:\Users\bt2851\AppData\Local\{F69A0F1A-A30C-4F36-8A60-7FE39E2CF753}
2011-08-22 19:21:55 -------- d-----w- C:\Users\bt2851\AppData\Local\{C272E64D-4491-4EE0-A477-2C82D2BD1E90}
2011-08-21 12:23:19 -------- d-----w- C:\Users\bt2851\AppData\Local\{059EB6B1-EB5C-4A7B-B02C-6C3F31D07D72}
2011-08-21 12:21:40 -------- d-----w- C:\Users\bt2851\AppData\Local\{E3C9D508-B205-4482-B2D1-2D754AFBE328}
2011-08-20 17:03:02 -------- d-----w- C:\Users\bt2851\AppData\Local\{A92072C9-338C-46BD-B60C-A4B9E0C8D5D5}
2011-08-16 17:56:27 -------- d-----w- C:\Users\bt2851\AppData\Local\{D7134A8B-80E4-44F4-B5E2-46E2B276D9D9}
2011-08-16 17:54:55 -------- d-----w- C:\Users\bt2851\AppData\Local\{C06D9F5B-5233-485B-A187-E67AA752C1CC}
2011-08-16 07:07:50 -------- d-----w- C:\Users\bt2851\AppData\Local\{499CDA11-14E6-4D3B-96A3-A5A45CD89A17}
2011-08-15 16:13:50 -------- d-----w- C:\Users\bt2851\AppData\Local\{A783110D-C2F0-4702-B579-C664E3F58BEE}
2011-08-15 16:13:09 -------- d-----w- C:\Users\bt2851\AppData\Local\{C28A2860-1285-4EC2-BFF2-E254A13E4FCE}
2011-08-14 15:55:32 -------- d-----w- C:\Users\bt2851\AppData\Local\{C981F04B-EDBF-4667-9BB9-941E0F7CE9B6}
2011-08-14 15:52:17 -------- d-----w- C:\Users\bt2851\AppData\Local\{44EF57DD-8F55-4F5C-B223-65736B5F0657}
2011-08-14 15:51:12 -------- d-----w- C:\Users\bt2851\AppData\Local\{13596A94-35FF-43CF-B05B-94930E4B9093}
2011-08-14 15:43:52 -------- d-----w- C:\Users\bt2851\AppData\Local\{C6415859-44F9-4A4A-A8F0-395D7AD1C13F}
2011-08-14 15:43:26 -------- d-----w- C:\Users\bt2851\AppData\Local\{8649C58D-CC30-42CE-9784-368F98836815}
2011-08-14 09:41:11 -------- d-----w- C:\Users\bt2851\AppData\Local\{04B7205E-39A2-4EBF-8E80-70542C612015}
2011-08-12 19:32:42 -------- d-----w- C:\Users\bt2851\AppData\Local\{8C803283-9172-44E2-8E27-134A7426B9E2}
2011-08-12 19:30:05 -------- d-----w- C:\Users\bt2851\AppData\Local\{723B1954-D600-4CFA-8B04-023A1BD11A3A}
2011-08-10 08:04:48 -------- d-----w- C:\Users\bt2851\AppData\Local\{88F4634E-B4FC-493F-AD86-C97B085C2530}
2011-08-10 08:03:07 -------- d-----w- C:\Users\bt2851\AppData\Local\{B1FF132E-21F2-4938-9E29-1EC48E7C1FD2}
2011-08-09 20:03:12 94208 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll
2011-08-09 20:02:50 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-08-09 20:00:41 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-08-09 20:00:40 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-08-09 20:00:39 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-08-09 19:48:44 -------- d-----w- C:\Users\bt2851\AppData\Local\{53ADA363-D0B9-4A8F-9BF7-B64464D503BD}
2011-08-09 19:46:33 -------- d-----w- C:\Users\bt2851\AppData\Local\{58E8F8FD-46B0-48F8-8716-F92F52E2CD4A}
2011-08-08 18:17:35 -------- d-----w- C:\Users\bt2851\AppData\Local\{8A64C0B5-6D3D-4E9C-941C-66F35EC64B92}
2011-08-08 18:15:20 -------- d-----w- C:\Users\bt2851\AppData\Local\{63E2EBC8-2A8C-454A-A9E9-820EA2AB18D6}
.
==================== Find3M ====================
.
2011-07-28 19:10:15 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-07-28 19:10:15 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-08 16:45:12 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\symnets.sys
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 23:58:55.14 ===============





.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 26/12/2009 15:52:13
System Uptime: 06/09/2011 22:31:52 (1 hours ago)
.
Motherboard: TOSHIBA | | NBWAA
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | U2E1 | 2194/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 31.854 GiB free.
D: is FIXED (NTFS) - 74 GiB total, 65.708 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP229: 06/09/2011 15:14:18 - Windows Backup
RP230: 06/09/2011 18:32:31 - Removed SweetIM for Messenger 3.5
RP231: 06/09/2011 18:37:23 - Removed SweetIM Toolbar for Internet Explorer 4.1
RP232: 06/09/2011 20:11:37 - Removed SweetIM Toolbar for Internet Explorer 4.1
RP233: 06/09/2011 20:14:05 - Removed SweetIM for Messenger 3.5
RP234: 06/09/2011 20:14:29 - Removed SweetIM for Messenger 3.5
RP235: 06/09/2011 20:22:18 - Removed SweetIM for Messenger 3.5
RP236: 06/09/2011 20:25:53 - Removed SweetIM for Messenger 3.5
RP237: 06/09/2011 20:28:27 - Removed SweetIM Toolbar for Internet Explorer 4.1
RP238: 06/09/2011 20:56:45 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
3Connect
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Agatha Christie - Death on the Nile
Belkin N Wireless USB Adapter Setup
Big Fish Games: Game Manager
Compatibility Pack for the 2007 Office system
D3DX10
eBay
Echoes of the Past: Royal House of Stone
Email Notifier (remove only)
Epson Easy Photo Print 2
Epson Event Manager
Epson Printer Software Downloader
EPSON Scan
Epson Stylus SX210_SX410_TX210_TX410 Manual
Epson Stylus SX510W_TX550W Manual
EpsonNet Print
EpsonNet Setup
Escape the Museum
Free Ride Games Player
Google Chrome
Google Earth
Google Update Helper
Hidden in Time: Mirror Mirror
Hidden Mysteries Titanic
Huawei modem
iMesh
Java(TM) 6 Update 14
Jewel Quest III (remove only)
Jolly Rover
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.1.1800
Masquerade Mysteries - Case of the Copycat Curator
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Midnight Mysteries Salem Witch Trials
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Mystery Chronicles: Murder Among Friends
Norton Internet Security
OLYMPUS Master 2
OLYMPUS muvee theaterPack
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Samsung Master
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shutter Island
Skype(TM) Launcher
SkyPlayer for Windows Media Center
The Battle for Middle-earth (tm)
The Mystery of The Mummy
The Return of Monte Cristo
THE SETTLERS - Rise of an Empire
Toshiba Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
Toshiba Online Product Information
Toshiba Photo Service - powered by myphotobook
TOSHIBA Recovery Media Creator Reminder
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
Toshiba TEMPRO
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TRORMCLauncher
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Utility Common Driver
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
06/09/2011 21:42:10, Error: Application Popup [1060] - \??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================
meangreeny
Active Member
 
Posts: 5
Joined: September 6th, 2011, 5:59 pm

Re: I've got so far - now need a little help please

Post by askey127 » September 9th, 2011, 8:23 am

Hi meangreeny,
You do have obsolete versions of Adobe Reader and Java runtime.
We will take care of those later.
Since you have had trouble with "sweetIM", you may have some other, sometimes related junkware, or some leftovers.
Let's check for that, and get a scan from OTL as well.
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *sweetim*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *sweetim*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    SweetIM
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    (Takes about 4 minutes on my XP net book)
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Double click on the icon to run it. For Vista or Win7, right click the icon and choose "Run as administrator".
  • Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Copy the text in the code box below and paste it into the Custom Scans/Fixes box (under the cyan line at the bottom of the window)
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
askey127
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
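
The SystemLook script in the post above produces a log with one "Searching for" block per term, followed either by a "No ... found." line or by the matching registry keys and values. The following is an added example, not part of the original posts and not SystemLook's own code: it parses that layout and records, for each hit, which field the term matched in and which whole word it sits inside. The sample log, user name, registry paths and all function names are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of a SystemLook log (placeholder user, keys, paths).
SAMPLE_LOG = r'''SystemLook 30.07.11 by jpshortstuff
Log created at 10:00 on 01/01/2011 by exampleuser
Administrator - Elevation successful

========== filefind ==========

Searching for "*Bandoo*"
No files found.

========== Regfind ==========

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000000-0000-0000-0000-000000000000}]
@="ISearchQueryHelper"

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Components\0000]
"0001"="C:\Users\exampleuser\AppData\Local\Temp\SetupDataMngr_Example.exe"

Searching for "SweetIM"
[HKEY_USERS\S-1-5-21-0-0-0-1001\Software\SweetIM]
[HKEY_USERS\S-1-5-21-0-0-0-1001\Software\SweetIM\Toolbars\Data]
"AutoSearch"="http://search.example.invalid/?q=%s"

-= EOF =-
'''

SECTION_RE = re.compile(r'^=+ (\w+) =+$')
TERM_RE = re.compile(r'^Searching for "(.*)"$')
SKIP_RE = re.compile(r'^(?:No (?:files|folders|data) found\.|-= EOF =-)?$')  # no-hit, EOF, blank
KEY_RE = re.compile(r'^\[(HKEY_.*)\]$')
VALUE_RE = re.compile(r'^(?:@|"([^"]*)")="(.*)"$')

@dataclass
class Hit:
    section: str
    term: str
    key: str = ""
    name: str = ""      # value name, "@" for a key's default value
    data: str = ""
    raw: str = ""       # unparsed hit line (file/folder sections)
    matched_in: list = field(default_factory=list)  # fields containing the term
    tokens: list = field(default_factory=list)      # whole words the term sits inside

def locate(hit):
    """Record where the search term occurs, so substring coincidences stand out."""
    needle = hit.term.strip("*").lower()
    for label in ("key", "name", "data", "raw"):
        text = getattr(hit, label)
        if needle in text.lower():
            hit.matched_in.append(label)
        for word in re.findall(r"[A-Za-z0-9_]+", text):
            if needle in word.lower() and word not in hit.tokens:
                hit.tokens.append(word)
    return hit

def parse_systemlook(text):
    """Return (searched, hits): every (section, term) searched, and each hit found."""
    searched, hits = [], []
    section = term = key = None
    key_open = False  # a key line was seen and no value line has used it yet
    def close_key():
        nonlocal key_open
        if key_open:  # a key listed on its own means the key path itself matched
            hits.append(locate(Hit(section, term, key=key)))
        key_open = False
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            close_key()
            section, term = m.group(1), None
        elif m := TERM_RE.match(line):
            close_key()
            term, key = m.group(1), None
            searched.append((section, term))
        elif term is None or SKIP_RE.match(line):
            continue  # banner lines, blanks, "No ... found." and the EOF trailer
        elif m := KEY_RE.match(line):
            close_key()
            key, key_open = m.group(1), True
        elif m := VALUE_RE.match(line):
            hits.append(locate(Hit(section, term, key=key or "",
                                   name=m.group(1) or "@", data=m.group(2))))
            key_open = False
        else:
            hits.append(locate(Hit(section, term, raw=line)))
    close_key()
    return searched, hits

if __name__ == "__main__":
    searched, hits = parse_systemlook(SAMPLE_LOG)
    for h in hits:
        print(h.section, h.term, h.matched_in, h.tokens, h.key or h.raw, h.name, h.data)
```

In the sample, `Searchqu` matches only inside the longer word `ISearchQueryHelper` in a value's data, while `SweetIM` matches a key path as a whole word; hits of the first kind are the ones to check by hand before anything is removed.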

Re: I've got so far - now need a little help please

Post by meangreeny » September 9th, 2011, 10:04 am

Hi askey127,

Many thanks for taking the time and trouble to help.

SystemLook 30.07.11 by jpshortstuff
Log created at 14:33 on 09/09/2011 by bt2851
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*sweetim*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*sweetim*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04D6EAFAF19F0EB4AB2D9D734E346108]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Users\bt2851\AppData\Local\Temp\SetupDataMngr_iMesh.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04D6EAFAF19F0EB4AB2D9D734E346108]
"00000000000000000000000000000000"="C:\Users\bt2851\AppData\Local\Temp\SetupDataMngr_iMesh.exe"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

Searching for "SweetIM"
[HKEY_USERS\S-1-5-21-3117552981-136535078-2368271655-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3117552981-136535078-2368271655-1001\Software\SweetIM]
[HKEY_USERS\S-1-5-21-3117552981-136535078-2368271655-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3117552981-136535078-2368271655-1001\Software\SweetIM\Toolbars\Internet Explorer\Data]
"AutoSearch"="http://search.sweetim.com/search.asp?src=2&q=%s"
[HKEY_USERS\S-1-5-21-3117552981-136535078-2368271655-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3117552981-136535078-2368271655-1001\Software\SweetIM\Toolbars\Internet Explorer\Data]
"Toolbar Path"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\"
[HKEY_USERS\S-1-5-21-3117552981-136535078-2368271655-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3117552981-136535078-2368271655-1001\Software\SweetIM\Toolbars\Internet Explorer\Data]
"OldCachePath"="C:\Users\pat\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\"

-= EOF =-


OTL logfile created on: 9/9/2011 2:48:15 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\bt2851\Desktop\Simon
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 50.26% Memory free
5.73 Gb Paging File | 4.00 Gb Available in Paging File | 69.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 31.73 Gb Free Space | 42.58% Space Free | Partition Type: NTFS
Drive D: | 74.13 Gb Total Space | 65.71 Gb Free Space | 88.63% Space Free | Partition Type: NTFS

Computer Name: BT2851-TOSH | User Name: bt2851 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/09 14:32:31 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\bt2851\Desktop\Simon\OTL.exe
PRC - [2011/09/03 13:28:25 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2010/05/16 20:40:40 | 001,773,568 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files (x86)\Free Ride Games\GPlayer.exe
PRC - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2009/09/04 15:30:11 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
PRC - [2009/08/12 11:30:42 | 006,203,296 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/07/13 16:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/01/13 21:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2009/01/12 09:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2007/05/28 17:59:42 | 000,095,800 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
PRC - [2006/12/20 02:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWOW64\SAgent4.exe


========== Modules (No Company Name) ==========

MOD - [2008/12/22 09:50:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/05 15:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/03 18:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2009/08/10 20:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/08/06 16:02:50 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/17 05:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/20 02:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Windows\SysWOW64\SAgent4.exe -- (StatusAgent4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/08 17:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/05/11 17:08:47 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/03/31 04:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/31 04:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/15 03:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 07:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 06:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/26 17:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/01/28 13:34:32 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/01/28 13:34:32 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/08/27 09:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/24 16:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/20 18:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 07:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/27 18:32:20 | 000,603,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2006/07/24 04:00:00 | 000,052,664 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2011/09/02 01:04:08 | 001,151,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110901.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/08/10 19:56:22 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110908.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/08/07 09:42:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110908.023\EX64.SYS -- (NAVEX15)
DRV - [2011/08/07 09:42:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110908.023\ENG64.SYS -- (NAVENG)
DRV - [2011/07/31 09:05:56 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/31 09:05:55 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/03/10 21:02:46 | 000,055,328 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Free Ride Games\X5XSEx.sys -- (X5XSEx)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3117552981-136535078-2368271655-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-3117552981-136535078-2368271655-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3117552981-136535078-2368271655-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3117552981-136535078-2368271655-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3117552981-136535078-2368271655-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3117552981-136535078-2368271655-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKU\S-1-5-21-3117552981-136535078-2368271655-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3117552981-136535078-2368271655-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-3117552981-136535078-2368271655-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 3F 4F BE 43 3E CC 01 [binary data]
IE - HKU\S-1-5-21-3117552981-136535078-2368271655-1000\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3117552981-136535078-2368271655-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3117552981-136535078-2368271655-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-3117552981-136535078-2368271655-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3117552981-136535078-2368271655-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3117552981-136535078-2368271655-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3117552981-136535078-2368271655-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-3117552981-136535078-2368271655-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3117552981-136535078-2368271655-1001\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3117552981-136535078-2368271655-1001\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3117552981-136535078-2368271655-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/08/21 13:20:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_1_3 [2011/09/09 14:18:54 | 000,000,000 | ---D | M]

[2010/04/06 18:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bt2851\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3117552981-136535078-2368271655-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3117552981-136535078-2368271655-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3117552981-136535078-2368271655-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3117552981-136535078-2368271655-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3117552981-136535078-2368271655-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] File not found
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3117552981-136535078-2368271655-1000..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-3117552981-136535078-2368271655-1000..\Run: [OM2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\S-1-5-21-3117552981-136535078-2368271655-1001..\Run: [EPSON SX510W Series] File not found
O4 - HKU\S-1-5-21-3117552981-136535078-2368271655-1001..\Run: [Exent_SDM] File not found
O4 - HKU\S-1-5-21-3117552981-136535078-2368271655-1001..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-3117552981-136535078-2368271655-1001..\Run: [Hidden Mysteries Titanic OLR] File not found
O4 - HKU\S-1-5-21-3117552981-136535078-2368271655-1001..\Run: [OM2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\S-1-5-21-3117552981-136535078-2368271655-1001..\Run: [swg] File not found
O4 - HKU\S-1-5-21-3117552981-136535078-2368271655-1001..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3117552981-136535078-2368271655-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A86212AF-FEC7-4A24-88EB-4348EBAE599C}: DhcpNameServer = 100.100.0.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFA85CC0-7761-41EE-A5E0-F06B4B5FC3F8}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{39742860-f318-11de-bd74-701a0463f789}\Shell - "" = AutoRun
O33 - MountPoints2\{39742860-f318-11de-bd74-701a0463f789}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{39742884-f318-11de-bd74-701a0463f789}\Shell - "" = AutoRun
O33 - MountPoints2\{39742884-f318-11de-bd74-701a0463f789}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{397428e1-f318-11de-bd74-00262248e2e3}\Shell - "" = AutoRun
O33 - MountPoints2\{397428e1-f318-11de-bd74-00262248e2e3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4eb614ed-1ef6-11df-a6e2-701a0463f789}\Shell - "" = AutoRun
O33 - MountPoints2\{4eb614ed-1ef6-11df-a6e2-701a0463f789}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{72c17908-bbfa-11df-889b-00262248e2e3}\Shell - "" = AutoRun
O33 - MountPoints2\{72c17908-bbfa-11df-889b-00262248e2e3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7f40e20f-c677-11de-a53a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7f40e20f-c677-11de-a53a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{a784836e-c593-11df-8590-701a0463f789}\Shell - "" = AutoRun
O33 - MountPoints2\{a784836e-c593-11df-8590-701a0463f789}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/09 14:30:06 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{7EA41EDA-CF52-4843-89D4-70C6EAF646B6}
[2011/09/07 00:42:00 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Roaming\WinBatch
[2011/09/07 00:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/09/07 00:38:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/09/07 00:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/09/07 00:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/09/07 00:36:23 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\Apple
[2011/09/07 00:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/09/07 00:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/09/06 23:57:56 | 000,000,000 | R--D | C] -- C:\Users\bt2851\Desktop\Simon
[2011/09/06 21:46:26 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2011/09/06 21:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011/09/06 21:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker
[2011/09/06 20:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\1133A
[2011/09/06 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Roaming\Malwarebytes
[2011/09/06 20:45:04 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/09/06 20:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/06 20:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/06 20:45:00 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/06 20:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/06 20:24:49 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/09/06 15:06:31 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{C7E5E48E-E8BB-48A3-9196-9CD676EAF502}
[2011/09/06 15:05:52 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{878C881D-6CCD-4D06-B0E7-7DDB82D2C642}
[2011/09/04 16:53:51 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{8487FA63-1D07-4E3F-AEF0-795513DAC98E}
[2011/09/04 16:53:10 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{0104F994-7583-47CC-A6E6-31A8D4FAE4CF}
[2011/09/03 09:38:51 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{8BED7FE0-12D9-41D3-A935-5490CEBA67AC}
[2011/09/03 09:38:41 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{818AA4F7-6125-4909-B5A6-AE870E6C0885}
[2011/09/01 17:14:14 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{5E2715A5-ACD6-4524-A685-7D5B46AAC549}
[2011/09/01 17:14:03 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{DD7E1ADD-5377-4B10-BB51-0CB4739A9F27}
[2011/08/30 19:06:11 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{2D52993F-33EE-449D-85E7-AAF5EC6FC54A}
[2011/08/30 19:05:04 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{B645E426-4909-48A5-8210-0D95D83C3926}
[2011/08/29 20:10:05 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{A30AC7A3-4593-452A-8B27-1D785871A748}
[2011/08/29 13:46:01 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{CE9D571C-737C-4C26-9C70-C9585B619D61}
[2011/08/29 13:41:43 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/08/29 13:31:26 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{7DD1DE99-2E46-450A-A5F6-27B8CBCA6A50}
[2011/08/29 13:30:46 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{35750C56-25C6-4DEC-8C5B-822427CD8619}
[2011/08/29 13:13:07 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{954E70CA-6041-48FA-83F2-5EC5921840F8}
[2011/08/29 13:11:29 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{B477906B-7599-4476-B637-6A519429F10F}
[2011/08/29 12:55:50 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{599073ED-B5EC-4A46-80D8-B629A2CFCB5F}
[2011/08/29 09:44:38 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{ABB6B809-D0C5-4216-B337-84FF512B8DC8}
[2011/08/29 09:44:36 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{4450FC94-53D0-42F0-BE1C-A8A4EBC69F72}
[2011/08/29 09:44:34 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{17B0E4D8-425A-470E-86E8-6C866357807C}
[2011/08/29 09:44:27 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{E9948AB1-7B78-424A-A91A-84274ED5EEDB}
[2011/08/29 09:37:54 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{90932A38-65A9-42C2-A14F-0BEBB9071291}
[2011/08/28 19:08:56 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{BE09B06D-6787-476B-94C5-A19C835744BE}
[2011/08/28 19:07:37 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{8158AB6E-638A-4501-A2A1-EEF65CE138A3}
[2011/08/28 15:53:24 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{C86E7D48-8A85-4CE6-82F9-13A841779D0F}
[2011/08/28 15:42:40 | 000,000,000 | ---D | C] -- C:\Users\bt2851\Documents\THE SETTLERS - Rise of an Empire
[2011/08/28 15:31:35 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{F3A05D44-2E75-46DE-91FB-73425AC63321}
[2011/08/27 16:21:11 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{A39EF699-751B-46E3-A001-66971FB2DB45}
[2011/08/27 16:20:01 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{4602FAB8-3B53-4549-89EF-CF5CE0E26DA5}
[2011/08/27 09:06:14 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{BD033281-1D9A-4D87-9C42-873FAE82A21E}
[2011/08/27 09:05:31 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{D5400B39-CBDC-4419-B0D8-261CE4DE00B2}
[2011/08/26 11:47:45 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{3AE660C1-9C2F-47BD-8CCA-C8EDE85EA218}
[2011/08/26 11:45:38 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{723F2C0D-56D1-4E6B-A585-0FCD5DA2B333}
[2011/08/23 19:24:53 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{02EB04E6-FF65-4750-ACB2-30453E238F88}
[2011/08/23 19:23:35 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{C05BFC52-F55B-46DE-AF87-E45584F54658}
[2011/08/22 20:23:36 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{F69A0F1A-A30C-4F36-8A60-7FE39E2CF753}
[2011/08/22 20:21:55 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{C272E64D-4491-4EE0-A477-2C82D2BD1E90}
[2011/08/21 13:23:19 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{059EB6B1-EB5C-4A7B-B02C-6C3F31D07D72}
[2011/08/21 13:21:40 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{E3C9D508-B205-4482-B2D1-2D754AFBE328}
[2011/08/20 18:03:02 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{A92072C9-338C-46BD-B60C-A4B9E0C8D5D5}
[2011/08/16 18:56:27 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{D7134A8B-80E4-44F4-B5E2-46E2B276D9D9}
[2011/08/16 18:54:55 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{C06D9F5B-5233-485B-A187-E67AA752C1CC}
[2011/08/16 08:07:50 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{499CDA11-14E6-4D3B-96A3-A5A45CD89A17}
[2011/08/15 17:13:50 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{A783110D-C2F0-4702-B579-C664E3F58BEE}
[2011/08/15 17:13:09 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{C28A2860-1285-4EC2-BFF2-E254A13E4FCE}
[2011/08/14 16:55:32 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{C981F04B-EDBF-4667-9BB9-941E0F7CE9B6}
[2011/08/14 16:52:17 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{44EF57DD-8F55-4F5C-B223-65736B5F0657}
[2011/08/14 16:51:12 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{13596A94-35FF-43CF-B05B-94930E4B9093}
[2011/08/14 16:43:52 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{C6415859-44F9-4A4A-A8F0-395D7AD1C13F}
[2011/08/14 16:43:26 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{8649C58D-CC30-42CE-9784-368F98836815}
[2011/08/14 10:41:11 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{04B7205E-39A2-4EBF-8E80-70542C612015}
[2011/08/12 20:32:42 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{8C803283-9172-44E2-8E27-134A7426B9E2}
[2011/08/12 20:30:05 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{723B1954-D600-4CFA-8B04-023A1BD11A3A}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/09 14:29:44 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/09 14:29:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/09 14:26:27 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/09 14:26:27 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/09 14:18:19 | 2309,660,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/07 00:34:03 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2011/09/07 00:34:03 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2011/09/07 00:09:07 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/06 21:13:20 | 000,732,070 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/06 21:13:20 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/06 21:13:20 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/06 20:24:49 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/09/06 16:12:04 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/07 00:36:20 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/09/07 00:34:03 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2011/09/07 00:34:03 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2011/07/21 13:39:09 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/05/30 18:05:50 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/05/30 18:05:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/30 18:05:50 | 000,008,704 | ---- | C] () -- C:\Windows\SysWow64\vidccleaner.exe
[2010/07/04 16:27:53 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/04/30 15:31:08 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2010/04/30 15:31:08 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2010/02/09 13:18:25 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/02/09 13:18:24 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/02/09 13:18:24 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/02/09 13:18:24 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/02/09 13:18:24 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/02/09 13:18:24 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/02/09 13:18:24 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/02/09 13:18:24 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/02/09 13:18:24 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/02/09 13:18:24 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/02/09 13:18:24 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010/02/09 13:18:24 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/02/09 13:18:24 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/02/09 13:18:24 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/02/09 13:18:24 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/02/09 13:18:24 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/02/09 13:18:24 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010/02/09 13:18:24 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010/02/09 13:18:24 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2009/12/27 19:53:23 | 000,071,259 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2009/11/01 01:10:17 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/08/27 09:05:12 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/08/27 09:05:12 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/08/27 09:05:12 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/08/27 09:05:12 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/28 04:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll

========== LOP Check ==========

[2009/12/27 19:54:33 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\Birdstep Technology
[2010/02/09 20:24:15 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\Epson
[2010/09/19 11:07:08 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\ERS Game Studios
[2010/01/01 20:17:41 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\FloodLightGames
[2011/02/09 17:54:09 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\HiT-MM
[2010/12/28 12:46:39 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\Lazy Turtle Games
[2010/09/19 14:53:46 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\Ludia
[2010/11/01 17:05:08 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\MBT
[2010/12/02 18:44:41 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\Merscom
[2011/01/05 19:34:08 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\My Battle for Middle-earth Files
[2010/12/27 14:32:25 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\Orneon
[2010/01/02 22:38:13 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\PlayFirst
[2010/03/30 22:09:52 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\Silverback Productions
[2011/07/08 12:38:32 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\Toshiba
[2011/09/07 00:42:00 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\WinBatch
[2011/01/20 19:40:19 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\Windows Live Writer
[2010/02/08 16:54:55 | 000,000,000 | ---D | M] -- C:\Users\pat\AppData\Roaming\Birdstep Technology
[2010/04/25 07:29:12 | 000,000,000 | ---D | M] -- C:\Users\pat\AppData\Roaming\Epson
[2010/04/25 09:07:55 | 000,000,000 | ---D | M] -- C:\Users\pat\AppData\Roaming\FloodLightGames
[2010/07/18 17:17:43 | 000,000,000 | ---D | M] -- C:\Users\pat\AppData\Roaming\Toshiba
[2011/09/06 16:12:04 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job
[2011/08/29 13:21:27 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2011/09/03 13:28:25 | 001,017,912 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2011/09/03 13:28:25 | 001,017,912 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2011/09/03 13:28:25 | 001,017,912 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2011/09/03 13:28:25 | 001,017,912 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/08/06 09:13:23 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/08/06 09:13:23 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/08/06 09:13:23 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/08/06 09:13:28 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/08/06 09:13:28 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:0EC7A545
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:9E76E7F3
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:561B1D2B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:C07A6A6B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B54E4B5A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:64170090

< End of report >


OTL Extras logfile created on: 9/9/2011 2:48:15 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\bt2851\Desktop\Simon
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 50.26% Memory free
5.73 Gb Paging File | 4.00 Gb Available in Paging File | 69.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 31.73 Gb Free Space | 42.58% Space Free | Partition Type: NTFS
Drive D: | 74.13 Gb Total Space | 65.71 Gb Free Space | 88.63% Space Free | Partition Type: NTFS

Computer Name: BT2851-TOSH | User Name: bt2851 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3117552981-136535078-2368271655-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"EPSON SX510W Series" = EPSON SX510W Series Printer Uninstall
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Unlocker" = Unlocker 1.9.1-x64

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FAB0A3A-88AB-44AC-9423-B71AD4491EEE}" = The Mystery of The Mummy
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{26D8DF7E-DBF8-43A6-8D42-F37497CE603D}" = Skype(TM) Launcher
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = The Battle for Middle-earth (tm)
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin N Wireless USB Adapter Setup
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C472EED-6E3F-44C5-BBE4-40E53090CC22}" = Agatha Christie - Death on the Nile
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CBC85F2E-1981-4C55-9418-908D08D2C6E8}" = OLYMPUS Master 2
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = THE SETTLERS - Rise of an Empire
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}" = SkyPlayer for Windows Media Center
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDDE47E5-C711-4D17-9FA6-E3D7C340192A}" = OLYMPUS muvee theaterPack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}" = eBay
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BFGC" = Big Fish Games: Game Manager
"BFG-Echoes of the Past - Royal House of Stone" = Echoes of the Past: Royal House of Stone
"BFG-Hidden in Time - Mirror Mirror" = Hidden in Time: Mirror Mirror
"BFG-Mystery Chronicles - Murder Among Friends" = Mystery Chronicles: Murder Among Friends
"BFG-The Return of Monte Cristo" = The Return of Monte Cristo
"Email Notifier" = Email Notifier (remove only)
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 User’s Guide" = Epson Stylus SX210_SX410_TX210_TX410 Manual
"Epson Stylus SX510W_TX550W User’s Guide" = Epson Stylus SX510W_TX550W Manual
"Escape the Museum1.0" = Escape the Museum
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"exent_688050" = Jolly Rover
"Google Chrome" = Google Chrome
"Hidden Mysteries Titanic" = Hidden Mysteries Titanic
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Huawei Modems" = Huawei modem
"iMesh" = iMesh
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Jewel Quest III" = Jewel Quest III (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Midnight Mysteries Salem Witch Trials" = Midnight Mysteries Salem Witch Trials
"NIS" = Norton Internet Security
"Shutter Island/EN-English_is1" = Shutter Island
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-796ad64f-8e7e-4ad9-8979-13102e6a30f8" = Masquerade Mysteries - Case of the Copycat Curator

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/27/2011 12:44:10 PM | Computer Name = bt2851-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 2/27/2011 12:44:17 PM | Computer Name = bt2851-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 2/27/2011 12:49:09 PM | Computer Name = bt2851-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 2/27/2011 1:05:01 PM | Computer Name = bt2851-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 2/27/2011 1:06:50 PM | Computer Name = bt2851-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 2/27/2011 1:12:36 PM | Computer Name = bt2851-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 2/27/2011 2:05:00 PM | Computer Name = bt2851-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 2/28/2011 4:32:34 PM | Computer Name = bt2851-TOSH | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16722 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 14a4 Start
Time: 01cbd782d9dc81ed Termination Time: 187 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: d1683087-4379-11e0-a925-00262248e2e3

Error - 3/11/2011 1:09:50 PM | Computer Name = bt2851-TOSH | Source = Application Error | ID = 1000
Description = Faulting application name: aneomcxwrs.exe, version: 8.0.0.330, time
stamp: 0x4d4fbd62 Faulting module name: aneomcxwrs.exe, version: 8.0.0.330, time
stamp: 0x4d4fbd62 Exception code: 0xc0000005 Fault offset: 0x0000ce38 Faulting process
id: 0x1558 Faulting application start time: 0x01cbe00f217b0289 Faulting application
path: C:\Users\bt2851\AppData\Local\Temp\aneomcxwrs.exe Faulting module path: C:\Users\bt2851\AppData\Local\Temp\aneomcxwrs.exe
Report
Id: 5f6c9551-4c02-11e0-a8bd-00262248e2e3

Error - 3/11/2011 1:09:50 PM | Computer Name = bt2851-TOSH | Source = Application Error | ID = 1000
Description = Faulting application name: aneomcxwrs.exe, version: 8.0.0.330, time
stamp: 0x4d4fbd62 Faulting module name: aneomcxwrs.exe, version: 8.0.0.330, time
stamp: 0x4d4fbd62 Exception code: 0xc0000005 Fault offset: 0x0000ce38 Faulting process
id: 0xa0c Faulting application start time: 0x01cbe00f21a1188e Faulting application
path: C:\Users\bt2851\AppData\Local\Temp\aneomcxwrs.exe Faulting module path: C:\Users\bt2851\AppData\Local\Temp\aneomcxwrs.exe
Report
Id: 5f6cbc61-4c02-11e0-a8bd-00262248e2e3

[ Media Center Events ]
Error - 8/28/2011 11:34:40 AM | Computer Name = bt2851-TOSH | Source = MCUpdate | ID = 0
Description = 16:34:22 - Error connecting to the internet. 16:34:22 - Unable
to contact server..

Error - 8/28/2011 11:35:29 AM | Computer Name = bt2851-TOSH | Source = MCUpdate | ID = 0
Description = 16:34:50 - Error connecting to the internet. 16:34:50 - Unable
to contact server..

Error - 8/28/2011 12:35:36 PM | Computer Name = bt2851-TOSH | Source = MCUpdate | ID = 0
Description = 17:35:36 - Error connecting to the internet. 17:35:36 - Unable
to contact server..

Error - 8/28/2011 12:35:47 PM | Computer Name = bt2851-TOSH | Source = MCUpdate | ID = 0
Description = 17:35:41 - Error connecting to the internet. 17:35:41 - Unable
to contact server..

Error - 8/29/2011 4:40:35 AM | Computer Name = bt2851-TOSH | Source = MCUpdate | ID = 0
Description = 09:40:34 - Error connecting to the internet. 09:40:35 - Unable
to contact server..

Error - 8/29/2011 4:40:45 AM | Computer Name = bt2851-TOSH | Source = MCUpdate | ID = 0
Description = 09:40:40 - Error connecting to the internet. 09:40:40 - Unable
to contact server..

Error - 8/29/2011 8:02:23 AM | Computer Name = bt2851-TOSH | Source = MCUpdate | ID = 0
Description = 13:02:23 - Error connecting to the internet. 13:02:23 - Unable
to contact server..

Error - 8/29/2011 8:02:36 AM | Computer Name = bt2851-TOSH | Source = MCUpdate | ID = 0
Description = 13:02:28 - Error connecting to the internet. 13:02:28 - Unable
to contact server..

Error - 8/30/2011 2:05:45 PM | Computer Name = bt2851-TOSH | Source = MCUpdate | ID = 0
Description = 19:05:45 - Error connecting to the internet. 19:05:45 - Unable
to contact server..

Error - 8/30/2011 2:07:58 PM | Computer Name = bt2851-TOSH | Source = MCUpdate | ID = 0
Description = 19:05:52 - Error connecting to the internet. 19:05:52 - Unable
to contact server..

[ System Events ]
Error - 8/6/2011 8:48:06 AM | Computer Name = bt2851-TOSH | Source = Service Control Manager | ID = 7024
Description = The Windows Firewall service terminated with service-specific error
%%5.

Error - 8/6/2011 10:16:46 AM | Computer Name = bt2851-TOSH | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 8/16/2011 1:55:40 PM | Computer Name = bt2851-TOSH | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the BFE service.

Error - 8/29/2011 8:36:11 AM | Computer Name = bt2851-TOSH | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 9/6/2011 4:41:23 PM | Computer Name = bt2851-TOSH | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 9/6/2011 4:41:23 PM | Computer Name = bt2851-TOSH | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 9/6/2011 4:41:25 PM | Computer Name = bt2851-TOSH | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 9/6/2011 4:41:25 PM | Computer Name = bt2851-TOSH | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 9/6/2011 4:42:10 PM | Computer Name = bt2851-TOSH | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 9/6/2011 4:42:10 PM | Computer Name = bt2851-TOSH | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.


< End of report >


I'll remove 'Unlocker' from the install since I probably won't need it any more - and update Acrobat Reader & Java.

Thanks again
meangreeny
Active Member
 
Posts: 5
Joined: September 6th, 2011, 5:59 pm

Re: I've got so far - now need a little help please

Post by askey127 » September 10th, 2011, 4:20 pm

meangreeny,
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

iMesh

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    :processes
    killallprocesses
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04D6EAFAF19F0EB4AB2D9D734E346108]
    "1A594BF8F3A4D1C4DB72F3A32B6E7636"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04D6EAFAF19F0EB4AB2D9D734E346108]
    "00000000000000000000000000000000"=-
    [-HKEY_USERS\S-1-5-21-3117552981-136535078-2368271655-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3117552981-136535078-2368271655-1001\Software\SweetIM]
    [-HKEY_USERS\S-1-5-21-3117552981-136535078-2368271655-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3117552981-136535078-2368271655-1001\Software\SweetIM\Toolbars\Internet Explorer\Data]
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
askey127
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: I've got so far - now need a little help please

Post by meangreeny » September 10th, 2011, 5:48 pm

OK done.
Adobe Reader & Java updated.
Unlocker removed
iMesh uninstalled
Wild Tangent games uninstalled [better safe than sorry]

OTL Run Fix Log generated immediately post reboot:

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04D6EAFAF19F0EB4AB2D9D734E346108 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04D6EAFAF19F0EB4AB2D9D734E346108 not found.
Registry key HKEY_USERS\S-1-5-21-3117552981-136535078-2368271655-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3117552981-136535078-2368271655-1001\Software\SweetIM\ not found.
Registry key HKEY_USERS\S-1-5-21-3117552981-136535078-2368271655-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3117552981-136535078-2368271655-1001\Software\SweetIM\Toolbars\Internet Explorer\Data\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\bt2851\Desktop\Simon\cmd.bat deleted successfully.
C:\Users\bt2851\Desktop\Simon\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: bt2851
->Temp folder emptied: 284115702 bytes
->Temporary Internet Files folder emptied: 43867185 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 332218314 bytes
->Flash cache emptied: 42972 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: pat
->Temp folder emptied: 2781989 bytes
->Temporary Internet Files folder emptied: 28138343 bytes
->Google Chrome cache emptied: 9662257 bytes
->Flash cache emptied: 42023 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14864 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 38958968 bytes

Total Files Cleaned = 706.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.27.0 log created on 09102011_222435

Files\Folders moved on Reboot...
C:\Users\bt2851\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


Quick Scan Log:

OTL logfile created on: 9/10/2011 10:30:27 PM - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\bt2851\Desktop\Simon
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 61.73% Memory free
5.73 Gb Paging File | 4.50 Gb Available in Paging File | 78.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 35.98 Gb Free Space | 48.28% Space Free | Partition Type: NTFS
Drive D: | 74.13 Gb Total Space | 65.71 Gb Free Space | 88.63% Space Free | Partition Type: NTFS

Computer Name: BT2851-TOSH | User Name: bt2851 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/09 14:32:31 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\bt2851\Desktop\Simon\OTL.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2010/11/20 13:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/05/16 20:40:40 | 001,773,568 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files (x86)\Free Ride Games\GPlayer.exe
PRC - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/07/13 16:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/01/13 21:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2009/01/12 09:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2007/05/28 17:59:42 | 000,095,800 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
PRC - [2006/12/20 02:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWOW64\SAgent4.exe


========== Modules (No Company Name) ==========

MOD - [2008/12/22 09:50:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/05 15:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/03 18:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2009/08/10 20:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/08/06 16:02:50 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/17 05:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/20 02:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Windows\SysWOW64\SAgent4.exe -- (StatusAgent4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/08 17:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/05/11 17:08:47 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/03/31 04:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/31 04:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/15 03:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 07:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 06:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/26 17:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/01/28 13:34:32 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/01/28 13:34:32 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/08/27 09:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/24 16:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/20 18:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 07:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/27 18:32:20 | 000,603,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2006/07/24 04:00:00 | 000,052,664 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2011/09/02 01:04:08 | 001,151,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110901.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/08/10 19:56:22 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110909.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/08/07 09:42:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110909.024\EX64.SYS -- (NAVEX15)
DRV - [2011/08/07 09:42:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110909.024\ENG64.SYS -- (NAVENG)
DRV - [2011/07/31 09:05:56 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/31 09:05:55 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/03/10 21:02:46 | 000,055,328 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Free Ride Games\X5XSEx.sys -- (X5XSEx)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 3F 4F BE 43 3E CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/08/21 13:20:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_1_3 [2011/09/10 22:27:51 | 000,000,000 | ---D | M]

[2010/04/06 18:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bt2851\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] File not found
O4 - HKCU..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A86212AF-FEC7-4A24-88EB-4348EBAE599C}: DhcpNameServer = 100.100.0.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFA85CC0-7761-41EE-A5E0-F06B4B5FC3F8}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{39742860-f318-11de-bd74-701a0463f789}\Shell - "" = AutoRun
O33 - MountPoints2\{39742860-f318-11de-bd74-701a0463f789}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{39742884-f318-11de-bd74-701a0463f789}\Shell - "" = AutoRun
O33 - MountPoints2\{39742884-f318-11de-bd74-701a0463f789}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{397428e1-f318-11de-bd74-00262248e2e3}\Shell - "" = AutoRun
O33 - MountPoints2\{397428e1-f318-11de-bd74-00262248e2e3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4eb614ed-1ef6-11df-a6e2-701a0463f789}\Shell - "" = AutoRun
O33 - MountPoints2\{4eb614ed-1ef6-11df-a6e2-701a0463f789}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{72c17908-bbfa-11df-889b-00262248e2e3}\Shell - "" = AutoRun
O33 - MountPoints2\{72c17908-bbfa-11df-889b-00262248e2e3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7f40e20f-c677-11de-a53a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7f40e20f-c677-11de-a53a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{a784836e-c593-11df-8590-701a0463f789}\Shell - "" = AutoRun
O33 - MountPoints2\{a784836e-c593-11df-8590-701a0463f789}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/10 22:24:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/10 22:10:51 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{0526F58F-1277-4522-BD0C-3CBAACBB36B7}
[2011/09/10 22:10:39 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{79E2C8CB-1F6E-46B6-89A1-67E756E3D96C}
[2011/09/10 08:21:01 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{856BD231-D506-45AC-A342-D921D026F3F6}
[2011/09/10 08:20:42 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{A707DB15-2763-4DD3-BE6E-2FA8914C2767}
[2011/09/09 15:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/09/09 15:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/09/09 15:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/09/09 15:25:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/09/09 14:30:06 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{7EA41EDA-CF52-4843-89D4-70C6EAF646B6}
[2011/09/07 00:42:00 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Roaming\WinBatch
[2011/09/07 00:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/09/07 00:38:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/09/07 00:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/09/07 00:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/09/07 00:36:23 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\Apple
[2011/09/07 00:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/09/07 00:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/09/06 23:57:56 | 000,000,000 | ---D | C] -- C:\Users\bt2851\Desktop\Simon
[2011/09/06 21:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker
[2011/09/06 20:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\1133A
[2011/09/06 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Roaming\Malwarebytes
[2011/09/06 20:45:04 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/09/06 20:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/06 20:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/06 20:45:00 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/06 20:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/06 15:06:31 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{C7E5E48E-E8BB-48A3-9196-9CD676EAF502}
[2011/09/06 15:05:52 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{878C881D-6CCD-4D06-B0E7-7DDB82D2C642}
[2011/09/04 16:53:51 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{8487FA63-1D07-4E3F-AEF0-795513DAC98E}
[2011/09/04 16:53:10 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{0104F994-7583-47CC-A6E6-31A8D4FAE4CF}
[2011/09/03 09:38:51 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{8BED7FE0-12D9-41D3-A935-5490CEBA67AC}
[2011/09/03 09:38:41 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{818AA4F7-6125-4909-B5A6-AE870E6C0885}
[2011/09/01 17:14:14 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{5E2715A5-ACD6-4524-A685-7D5B46AAC549}
[2011/09/01 17:14:03 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{DD7E1ADD-5377-4B10-BB51-0CB4739A9F27}
[2011/08/30 19:06:11 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{2D52993F-33EE-449D-85E7-AAF5EC6FC54A}
[2011/08/30 19:05:04 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{B645E426-4909-48A5-8210-0D95D83C3926}
[2011/08/29 20:10:05 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{A30AC7A3-4593-452A-8B27-1D785871A748}
[2011/08/29 13:46:01 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{CE9D571C-737C-4C26-9C70-C9585B619D61}
[2011/08/29 13:41:43 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/08/29 13:31:26 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{7DD1DE99-2E46-450A-A5F6-27B8CBCA6A50}
[2011/08/29 13:30:46 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{35750C56-25C6-4DEC-8C5B-822427CD8619}
[2011/08/29 13:13:07 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{954E70CA-6041-48FA-83F2-5EC5921840F8}
[2011/08/29 13:11:29 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{B477906B-7599-4476-B637-6A519429F10F}
[2011/08/29 12:55:50 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{599073ED-B5EC-4A46-80D8-B629A2CFCB5F}
[2011/08/29 09:44:38 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{ABB6B809-D0C5-4216-B337-84FF512B8DC8}
[2011/08/29 09:44:36 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{4450FC94-53D0-42F0-BE1C-A8A4EBC69F72}
[2011/08/29 09:44:34 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{17B0E4D8-425A-470E-86E8-6C866357807C}
[2011/08/29 09:44:27 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{E9948AB1-7B78-424A-A91A-84274ED5EEDB}
[2011/08/29 09:37:54 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{90932A38-65A9-42C2-A14F-0BEBB9071291}
[2011/08/28 19:08:56 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{BE09B06D-6787-476B-94C5-A19C835744BE}
[2011/08/28 19:07:37 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{8158AB6E-638A-4501-A2A1-EEF65CE138A3}
[2011/08/28 15:53:24 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{C86E7D48-8A85-4CE6-82F9-13A841779D0F}
[2011/08/28 15:42:40 | 000,000,000 | ---D | C] -- C:\Users\bt2851\Documents\THE SETTLERS - Rise of an Empire
[2011/08/28 15:31:35 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{F3A05D44-2E75-46DE-91FB-73425AC63321}
[2011/08/27 16:21:11 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{A39EF699-751B-46E3-A001-66971FB2DB45}
[2011/08/27 16:20:01 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{4602FAB8-3B53-4549-89EF-CF5CE0E26DA5}
[2011/08/27 09:06:14 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{BD033281-1D9A-4D87-9C42-873FAE82A21E}
[2011/08/27 09:05:31 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{D5400B39-CBDC-4419-B0D8-261CE4DE00B2}
[2011/08/26 11:47:45 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{3AE660C1-9C2F-47BD-8CCA-C8EDE85EA218}
[2011/08/26 11:45:38 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{723F2C0D-56D1-4E6B-A585-0FCD5DA2B333}
[2011/08/23 19:24:53 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{02EB04E6-FF65-4750-ACB2-30453E238F88}
[2011/08/23 19:23:35 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{C05BFC52-F55B-46DE-AF87-E45584F54658}
[2011/08/22 20:23:36 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{F69A0F1A-A30C-4F36-8A60-7FE39E2CF753}
[2011/08/22 20:21:55 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{C272E64D-4491-4EE0-A477-2C82D2BD1E90}
[2011/08/21 13:23:19 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{059EB6B1-EB5C-4A7B-B02C-6C3F31D07D72}
[2011/08/21 13:21:40 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{E3C9D508-B205-4482-B2D1-2D754AFBE328}
[2011/08/20 18:03:02 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{A92072C9-338C-46BD-B60C-A4B9E0C8D5D5}
[2011/08/16 18:56:27 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{D7134A8B-80E4-44F4-B5E2-46E2B276D9D9}
[2011/08/16 18:54:55 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{C06D9F5B-5233-485B-A187-E67AA752C1CC}
[2011/08/16 08:07:50 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{499CDA11-14E6-4D3B-96A3-A5A45CD89A17}
[2011/08/15 17:13:50 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{A783110D-C2F0-4702-B579-C664E3F58BEE}
[2011/08/15 17:13:09 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{C28A2860-1285-4EC2-BFF2-E254A13E4FCE}
[2011/08/14 16:55:32 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{C981F04B-EDBF-4667-9BB9-941E0F7CE9B6}
[2011/08/14 16:52:17 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{44EF57DD-8F55-4F5C-B223-65736B5F0657}
[2011/08/14 16:51:12 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{13596A94-35FF-43CF-B05B-94930E4B9093}
[2011/08/14 16:43:52 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{C6415859-44F9-4A4A-A8F0-395D7AD1C13F}
[2011/08/14 16:43:26 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{8649C58D-CC30-42CE-9784-368F98836815}
[2011/08/14 10:41:11 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{04B7205E-39A2-4EBF-8E80-70542C612015}
[2011/08/12 20:32:42 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{8C803283-9172-44E2-8E27-134A7426B9E2}
[2011/08/12 20:30:05 | 000,000,000 | ---D | C] -- C:\Users\bt2851\AppData\Local\{723B1954-D600-4CFA-8B04-023A1BD11A3A}

========== Files - Modified Within 30 Days ==========

[2011/09/10 22:35:17 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/10 22:35:17 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/10 22:28:10 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/10 22:27:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/10 22:27:29 | 2309,660,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/10 11:09:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/09 16:12:01 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2011/09/09 15:28:07 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/09/07 00:34:03 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2011/09/07 00:34:03 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2011/09/06 21:13:20 | 000,732,070 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/06 21:13:20 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/06 21:13:20 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2011/09/09 15:28:06 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/09/09 15:28:01 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/09/07 00:36:20 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/09/07 00:34:03 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2011/09/07 00:34:03 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2011/07/21 13:39:09 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/05/30 18:05:50 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/05/30 18:05:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/30 18:05:50 | 000,008,704 | ---- | C] () -- C:\Windows\SysWow64\vidccleaner.exe
[2010/07/04 16:27:53 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/04/30 15:31:08 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2010/04/30 15:31:08 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2010/02/09 13:18:25 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/02/09 13:18:24 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/02/09 13:18:24 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/02/09 13:18:24 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/02/09 13:18:24 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/02/09 13:18:24 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/02/09 13:18:24 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/02/09 13:18:24 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/02/09 13:18:24 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/02/09 13:18:24 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/02/09 13:18:24 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010/02/09 13:18:24 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/02/09 13:18:24 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/02/09 13:18:24 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/02/09 13:18:24 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/02/09 13:18:24 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/02/09 13:18:24 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010/02/09 13:18:24 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010/02/09 13:18:24 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2009/12/27 19:53:23 | 000,071,259 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2009/11/01 01:10:17 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/08/27 09:05:12 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/08/27 09:05:12 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/08/27 09:05:12 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/08/27 09:05:12 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/28 04:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll

========== LOP Check ==========

[2009/12/27 19:54:33 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\Birdstep Technology
[2010/02/09 20:24:15 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\Epson
[2010/09/19 11:07:08 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\ERS Game Studios
[2010/01/01 20:17:41 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\FloodLightGames
[2011/02/09 17:54:09 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\HiT-MM
[2010/12/28 12:46:39 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\Lazy Turtle Games
[2010/09/19 14:53:46 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\Ludia
[2010/11/01 17:05:08 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\MBT
[2010/12/02 18:44:41 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\Merscom
[2011/01/05 19:34:08 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\My Battle for Middle-earth Files
[2010/12/27 14:32:25 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\Orneon
[2010/01/02 22:38:13 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\PlayFirst
[2010/03/30 22:09:52 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\Silverback Productions
[2011/07/08 12:38:32 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\Toshiba
[2011/09/07 00:42:00 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\WinBatch
[2011/01/20 19:40:19 | 000,000,000 | ---D | M] -- C:\Users\bt2851\AppData\Roaming\Windows Live Writer
[2011/09/09 16:12:01 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job
[2011/08/29 13:21:27 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:0EC7A545
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:9E76E7F3
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:561B1D2B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:C07A6A6B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B54E4B5A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:64170090

< End of report >


How are we looking?
meangreeny
Active Member
 
Posts: 5
Joined: September 6th, 2011, 5:59 pm

Re: I've got so far - now need a little help please

Post by askey127 » September 11th, 2011, 6:57 am

I think you are looking good.
I believe we got rid of your annoyances and improved your security.
If it looks good to you, I'm happy.
askey127
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: I've got so far - now need a little help please

Post by meangreeny » September 11th, 2011, 7:06 am

I'm happy too. Thanks.

I've given out a gentle slap on the head to the laptop owner and a few basic rules to follow.

Many thanks for your time and patience. Keep on doing what you're doing - it's a worthwhile cause.

Regards,

Simon
meangreeny
Active Member
 
Posts: 5
Joined: September 6th, 2011, 5:59 pm

Re: I've got so far - now need a little help please

Post by askey127 » September 11th, 2011, 4:35 pm

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
askey127
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA