Tech Support banner

Status
Not open for further replies.
1 - 20 of 26 Posts

·
Registered
Joined
·
15 Posts
Discussion Starter #1
Thanks for your help here. I'm afraid I'm a bit of a novice here but I think I've followed the forum instructions with the scans and detail in this e-mail. Alsi I don't have an installation disk or a Boot CD.

The system performance is excessively slow on all applications whether opening excel or internet pages. I've done regular defrags and Kaspersky scans but nothing seems to improve. I also had added Ad-aware (Lava) and been using that to ensure no virus' or spyware that Kaspersky was missing - but I've deleted it again as the forum page instructions state only one must be present. I've also checked Task manager to see if any application is using a particularly high % of CPU usage but nothing obvious there either.

Not sure what else I could add but please ask me for anything else.

Thanks

Roy



DDS (Ver_10-12-12.02) - NTFSx86
Run by Sara at 15:38:53.64 on 09/01/2011
Internet Explorer: 8.0.6001.18999
============== Running Processes ===============

============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: BluePhone Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: BluePhone Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
StartupFolder: c:\users\sara\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-gb\local\search.html
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~2\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~2\kloehk.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================
2011-01-07 19:12:26 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{a8306cd1-b950-4862-a5bf-04ac11941b33}\mpengine.dll
2010-12-15 19:56:27 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-12-15 19:56:24 66048 ----a-w- c:\program files\windows mail\wabmig.exe
2010-12-15 19:56:24 515584 ----a-w- c:\program files\windows mail\wab.exe
2010-12-15 19:56:23 33280 ----a-w- c:\program files\windows mail\wabfind.dll
2010-12-15 19:56:19 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 19:56:13 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-15 19:56:13 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-12-15 19:56:12 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-15 19:56:12 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-15 19:56:12 171520 ----a-w- c:\windows\system32\taskeng.exe
==================== Find3M ====================
2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
============= FINISH: 15:41:13.43 ===============
 

Attachments

·
Registered
Joined
·
1,383 Posts
Welcome to TSF :)

It looks like you edited your post. Please run dds again and post the complete log. thanks.
 

·
Registered
Joined
·
15 Posts
Discussion Starter #4
Thanks for picking this up. Have run dds again and pasted below.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Sara at 18:02:27.89 on 18/01/2011
Internet Explorer: 8.0.6001.18999
============== Running Processes ===============

============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: BluePhone Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: BluePhone Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
StartupFolder: c:\users\sara\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-gb\local\search.html
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~2\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~2\kloehk.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================
2011-01-18 17:21:58 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2b5d3a68-ac60-49cb-8d08-4a6f3341a295}\mpengine.dll
2011-01-12 18:48:39 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 18:48:38 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-01-12 18:48:38 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2011-01-12 18:48:38 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-01-12 18:48:38 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-01-12 18:48:38 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-01-12 18:48:26 1169408 ----a-w- c:\windows\system32\sdclt.exe
==================== Find3M ====================
2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll
============= FINISH: 18:04:55.42 ===============
 

·
Registered
Joined
·
1,383 Posts
Where is the attach.txt log?

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs.
  • Double-Click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A window will open on your desktop.
  • if an unknown bootcode is found you will have further options available to you, at this time press N the press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • In your next reply, please include the log from MBRChecker.
Thanks
 

·
Registered
Joined
·
15 Posts
Discussion Starter #6
I thought the attach.txt file was attached before in the Ark zip file. Had a problem running MBRCheck,exe as the Data Execution Prevention kept stopping the programme. Tried following instructions to turn off DEP but because I haven't successfully loaded it to desk top I don't know how to find this programme to check it to turn off DEP and let the programme run?
 

·
Registered
Joined
·
15 Posts
Discussion Starter #7
Now run it ok:
if an unknown bootcode is found you will have further options available to you, at this time press N the press Enter twice.
So log shown below:

MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6700 Notebook PC
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 158):
0x84E3D000 \SystemRoot\system32\ntkrnlpa.exe
0x84E0A000 \SystemRoot\system32\hal.dll
0x8060C000 \SystemRoot\system32\kdcom.dll
0x80613000 \SystemRoot\system32\PSHED.dll
0x80624000 \SystemRoot\system32\BOOTVID.dll
0x8062C000 \SystemRoot\system32\CLFS.SYS
0x8066D000 \SystemRoot\system32\CI.dll
0x8AE02000 \SystemRoot\system32\DRIVERS\kl1.sys
0x8B324000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B3A0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8B3AD000 \SystemRoot\system32\drivers\acpi.sys
0x8B3F3000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8074D000 \SystemRoot\system32\drivers\msisadrv.sys
0x80755000 \SystemRoot\system32\drivers\pci.sys
0x8077C000 \SystemRoot\System32\drivers\partmgr.sys
0x8B3FC000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8078B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80795000 \SystemRoot\system32\drivers\volmgr.sys
0x807A4000 \SystemRoot\System32\drivers\volmgrx.sys
0x807EE000 \SystemRoot\system32\drivers\pciide.sys
0x85E09000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x85E17000 \SystemRoot\System32\drivers\mountmgr.sys
0x85E27000 \SystemRoot\system32\drivers\atapi.sys
0x85E2F000 \SystemRoot\system32\drivers\ataport.SYS
0x85E4D000 \SystemRoot\system32\drivers\fltmgr.sys
0x85E7F000 \SystemRoot\system32\drivers\fileinfo.sys
0x85E8F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B402000 \SystemRoot\system32\drivers\ndis.sys
0x8B50D000 \SystemRoot\system32\drivers\msrpc.sys
0x8B538000 \SystemRoot\system32\drivers\NETIO.SYS
0x85F00000 \SystemRoot\System32\drivers\tcpip.sys
0x8B573000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B60F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B71F000 \SystemRoot\system32\drivers\wd.sys
0x8B727000 \SystemRoot\system32\drivers\volsnap.sys
0x8B760000 \SystemRoot\System32\Drivers\spldr.sys
0x8B768000 \SystemRoot\System32\Drivers\RapportKELL.sys
0x8B776000 \SystemRoot\System32\Drivers\USBD.SYS
0x8B778000 \SystemRoot\System32\Drivers\mup.sys
0x8B787000 \SystemRoot\System32\drivers\ecache.sys
0x8B7AE000 \SystemRoot\system32\drivers\disk.sys
0x8B7BF000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B7E0000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B58E000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B599000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B5A2000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x8B60B000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8B7FE000 \SystemRoot\system32\DRIVERS\HpqRemHid.sys
0x8B5B2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8B5C2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8B5C9000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8B5D2000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8B5D5000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8F809000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F847000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F856000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8F957000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F9E4000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8B5DF000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8FA07000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8FA21000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8FA30000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8FA44000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8FA95000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8FAAD000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8FAB3000 \SystemRoot\system32\DRIVERS\athr.sys
0x8FC0B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x9057C000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x90A04000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90AA5000 \SystemRoot\System32\drivers\watchdog.sys
0x90AB1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x90AC4000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x90AC9000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x90AD4000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x90B04000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x90B0D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90B18000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x90B47000 \SystemRoot\system32\DRIVERS\storport.sys
0x90B88000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90B93000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x90BAA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90BB5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90BD8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90BE7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x9057E000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90593000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90BFB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x905A3000 \SystemRoot\system32\DRIVERS\ks.sys
0x905CD000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x905D7000 \SystemRoot\system32\DRIVERS\umbus.sys
0x905E4000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x90C0E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90C43000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90C54000 \SystemRoot\system32\drivers\CHDRT32.sys
0x90C87000 \SystemRoot\system32\drivers\portcls.sys
0x90CB4000 \SystemRoot\system32\drivers\drmk.sys
0x90CD9000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x90E01000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x90F04000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x90FB9000 \SystemRoot\system32\drivers\modem.sys
0x90FC6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x90FDD000 \SystemRoot\System32\Drivers\usbvideo.sys
0x90D17000 \SystemRoot\system32\DRIVERS\klif.sys
0x90D9A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90DA3000 \SystemRoot\System32\Drivers\Null.SYS
0x90DAA000 \SystemRoot\System32\Drivers\Beep.SYS
0x90DB1000 \SystemRoot\System32\drivers\vga.sys
0x90DBD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90DDE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90DE6000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90DEE000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90C00000 \SystemRoot\System32\Drivers\Npfs.SYS
0x905ED000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8FBD8000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90DF9000 \SystemRoot\system32\DRIVERS\kl2.sys
0x85FEA000 \SystemRoot\system32\DRIVERS\smb.sys
0x91406000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91438000 \SystemRoot\system32\drivers\afd.sys
0x91480000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91496000 \SystemRoot\system32\DRIVERS\klim6.sys
0x9149E000 \SystemRoot\system32\DRIVERS\netbios.sys
0x914AC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x914BF000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x914FB000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
0x91524000 \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys
0x9152C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91536000 \SystemRoot\System32\Drivers\dfsc.sys
0x9154D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9155A000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x91565000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x9CA40000 \SystemRoot\System32\win32k.sys
0x9156D000 \SystemRoot\System32\drivers\Dxapi.sys
0x91577000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9CC60000 \SystemRoot\System32\TSDDD.dll
0x9CC80000 \SystemRoot\System32\cdd.dll
0x91586000 \SystemRoot\system32\drivers\luafv.sys
0x82A09000 \SystemRoot\system32\drivers\spsys.sys
0x82AB9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x82AC9000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x82AF3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x82AFD000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x82B10000 \SystemRoot\system32\drivers\HTTP.sys
0x82B7D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x82B9A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x82BB3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x82BC8000 \SystemRoot\system32\drivers\mrxdav.sys
0x915A9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x83200000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x83239000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x83251000 \SystemRoot\System32\DRIVERS\srv2.sys
0x83279000 \SystemRoot\System32\DRIVERS\srv.sys
0x832DF000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x832E3000 \SystemRoot\system32\drivers\peauth.sys
0x833C1000 \SystemRoot\System32\Drivers\secdrv.SYS
0x833CB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x833D7000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x833E1000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77C00000 \Windows\System32\ntdll.dll
Processes (total 78):
0 System Idle Process
4 System
484 C:\Windows\System32\smss.exe
616 csrss.exe
668 C:\Windows\System32\wininit.exe
680 csrss.exe
720 C:\Windows\System32\services.exe
736 C:\Windows\System32\lsass.exe
744 C:\Windows\System32\lsm.exe
912 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\winlogon.exe
1008 C:\Windows\System32\nvvsvc.exe
1044 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\svchost.exe
1156 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
1248 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\svchost.exe
1304 C:\Windows\System32\svchost.exe
1384 C:\Windows\System32\audiodg.exe
1404 C:\Windows\System32\svchost.exe
1428 C:\Windows\System32\SLsvc.exe
1476 C:\Windows\System32\svchost.exe
1596 C:\Windows\System32\svchost.exe
1800 C:\Windows\System32\spoolsv.exe
1832 C:\Windows\System32\svchost.exe
2004 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
284 C:\Program Files\Bonjour\mDNSResponder.exe
500 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
620 C:\Windows\System32\svchost.exe
904 C:\Program Files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe
2320 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2360 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2432 C:\Windows\System32\svchost.exe
2516 C:\Windows\System32\svchost.exe
2560 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2696 C:\Windows\System32\SearchIndexer.exe
2744 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2792 C:\Windows\System32\drivers\XAudio.exe
2848 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
3116 C:\Program Files\Canon\CAL\CALMAIN.exe
3176 C:\Program Files\Hp\QuickPlay\Kernel\TV\QPSched.exe
3452 C:\Windows\System32\nvvsvc.exe
3880 C:\Windows\System32\taskeng.exe
3976 C:\Windows\System32\taskeng.exe
3992 C:\Windows\System32\dwm.exe
4024 C:\Windows\explorer.exe
1228 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
2380 C:\Program Files\Hp\QuickPlay\QPService.exe
3540 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
3524 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
2592 C:\Program Files\Windows Defender\MSASCui.exe
3148 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
3188 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
3420 C:\Program Files\iTunes\iTunesHelper.exe
3108 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4072 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1488 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
2180 C:\Windows\ehome\ehtray.exe
3760 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2040 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
2140 C:\Windows\ehome\ehmsas.exe
4892 C:\Windows\System32\SearchProtocolHost.exe
5500 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5632 C:\Program Files\iPod\bin\iPodService.exe
5848 C:\Program Files\Internet Explorer\iexplore.exe
5932 C:\Program Files\Internet Explorer\iexplore.exe
6100 C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe
6132 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
3432 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
3868 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
4512 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
5304 C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
3696 C:\Windows\HelpPane.exe
2060 taskeng.exe
5012 <unknown>
4876 C:\Windows\System32\SearchProtocolHost.exe
2288 taskeng.exe
2264 C:\Users\Sara\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`58a7c800 (NTFS)
PhysicalDrive0 Model Number: HitachiHTS542525K9SA00, Rev: BBFOC32P
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
 

·
Registered
Joined
·
1,383 Posts
  1. Double-Click on MBRCheck.exe
  2. Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:.
  3. Please press 'Y' key and press Enter.
  4. When program ask you Enter your Choice: Press '1' (dumb mbr to file) and press Enter.
  5. Next prompt "Enter the physical disk number to fix (0-99, -1 to cancel):"
  6. Press 0 and press Enter
  7. Name the file as mbrdump and press Enter.
  8. Type -1 to exit
  9. Press Enter to exit MBRCheck.exe.
  10. In your next reply, please upload C:\mbrdump Here.
 

·
Registered
Joined
·
1,383 Posts
Okay your mbr is clean. Lets look a little deeper.

  • Download OTL.exe to your desktop.
  • Double-Click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Under the Standard Registry box change it to All.
  • Under the Extra Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
 

·
Registered
Joined
·
15 Posts
Discussion Starter #11
Ok run OTL now and the content of two files are shown below.

OLT.Txt=

OTL logfile created on: 26/01/2011 08:05:17 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Sara\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.39 Gb Total Space | 120.98 Gb Free Space | 54.65% Space Free | Partition Type: NTFS
Drive D: | 11.50 Gb Total Space | 2.04 Gb Free Space | 17.77% Space Free | Partition Type: NTFS

Computer Name: SARA-PC | User Name: Sara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/26 07:57:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Sara\Desktop\OTL.exe
PRC - [2010/10/15 15:07:33 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010/10/15 15:01:11 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
PRC - [2010/10/03 22:43:16 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/10/03 22:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/09/22 13:19:36 | 000,273,672 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe
PRC - [2010/09/22 12:03:38 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/07/01 20:34:46 | 000,129,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
PRC - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/03 20:12:35 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/02/21 22:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008/01/19 07:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2005/09/30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (SafeList) ==========

MOD - [2011/01/26 07:57:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Sara\Desktop\OTL.exe
MOD - [2010/10/03 22:43:42 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/15 15:07:33 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/10/03 22:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/08/04 10:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/02/21 22:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 17:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2005/09/30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2010/10/15 15:07:33 | 000,488,024 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/10/03 22:54:04 | 000,034,792 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys -- (RapportCerberus_19917)
DRV - [2010/10/03 22:43:44 | 000,169,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/10/03 22:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/09/23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (kl1)
DRV - [2010/04/22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/11/02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/10/03 05:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/09/05 15:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/20 15:37:38 | 000,200,112 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/04 01:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/09/09 22:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 17:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/10 14:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 11:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 11:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 11:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/06/19 00:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 05:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/07 02:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 21:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 21:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 23:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 09:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 09:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 09:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 09:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 09:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 09:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 09:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 09:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 09:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 09:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 09:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 09:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 09:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 09:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 09:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 09:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 07:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 07:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/10/19 02:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = myAOL | HP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = myAOL | HP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Messenger, Free Online News, Sport, Music, Movies, Money and Cars from MSN UK
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D E5 15 A3 FA 4D CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/04 06:37:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/10/15 14:49:29 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (BluePhone Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (BluePhone Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (BluePhone Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-GB\local\search.html ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sara\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sara\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/26 03:07:32 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 15:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{1ed59d74-dfd9-11dd-a0aa-001e6858d6d4}\Shell - "" = AutoRun
O33 - MountPoints2\{1ed59d74-dfd9-11dd-a0aa-001e6858d6d4}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/01/26 07:57:14 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Sara\Desktop\OTL.exe
[2011/01/23 21:40:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/01/22 19:25:27 | 000,000,000 | ---D | C] -- C:\Users\Sara\Documents\New Folder
[2011/01/12 18:48:39 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/01/12 18:48:26 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/26 07:57:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Sara\Desktop\OTL.exe
[2011/01/26 07:50:13 | 000,000,159 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/01/26 07:49:22 | 000,048,032 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/01/26 07:48:54 | 000,048,032 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/01/26 07:48:50 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/26 07:48:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/26 07:48:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/26 07:48:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/25 22:24:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/25 22:12:48 | 000,000,512 | ---- | M] () -- C:\Users\Sara\Desktop\mbrdump
[2011/01/25 22:05:20 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0EB641F6-D73F-4CC6-A047-50745B0C0F42}.job
[2011/01/23 21:39:56 | 335,849,484 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/22 19:27:34 | 000,080,384 | ---- | M] () -- C:\Users\Sara\Desktop\MBRCheck.exe
[2011/01/22 15:49:11 | 000,152,576 | ---- | M] () -- C:\Users\Sara\Desktop\Roys Bank(1).xlsx
[2011/01/22 11:24:51 | 000,017,408 | ---- | M] () -- C:\Users\Sara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/09 21:19:19 | 000,004,624 | ---- | M] () -- C:\Users\Sara\Desktop\ark.zip
[2011/01/09 15:45:52 | 000,288,107 | ---- | M] () -- C:\Users\Sara\Desktop\gmer.zip
[2011/01/09 15:38:15 | 000,624,128 | ---- | M] () -- C:\Users\Sara\Desktop\dds.scr
[2011/01/09 10:22:25 | 001,183,218 | ---- | M] () -- C:\Users\Sara\Desktop\SRI%202011-%20Sri%20Lanka,%20A%20land%20like%20no%20other.pdf
[2010/12/28 15:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2010/12/28 01:43:04 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSara.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/25 22:12:48 | 000,000,512 | ---- | C] () -- C:\Users\Sara\Desktop\mbrdump
[2011/01/23 21:39:56 | 335,849,484 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/01/22 19:27:32 | 000,080,384 | ---- | C] () -- C:\Users\Sara\Desktop\MBRCheck.exe
[2011/01/09 21:19:19 | 000,004,624 | ---- | C] () -- C:\Users\Sara\Desktop\ark.zip
[2011/01/09 15:45:49 | 000,288,107 | ---- | C] () -- C:\Users\Sara\Desktop\gmer.zip
[2011/01/09 15:38:07 | 000,624,128 | ---- | C] () -- C:\Users\Sara\Desktop\dds.scr
[2011/01/09 10:22:25 | 001,183,218 | ---- | C] () -- C:\Users\Sara\Desktop\SRI%202011-%20Sri%20Lanka,%20A%20land%20like%20no%20other.pdf
[2010/06/13 21:00:35 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/06/13 07:51:39 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll
[2010/06/13 07:51:39 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini
[2010/06/12 14:00:45 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/06/12 13:45:07 | 000,000,025 | ---- | C] () -- C:\Windows\CDE RX420EI.ini
[2010/05/12 19:58:59 | 000,048,032 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/05/12 19:58:59 | 000,048,032 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/17 15:02:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/31 13:00:22 | 000,021,504 | ---- | C] () -- C:\Windows\System32\WBCustomizer.dll
[2009/08/31 13:00:21 | 000,185,344 | ---- | C] () -- C:\Windows\System32\MemWarp.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/25 13:55:41 | 000,000,000 | ---- | C] () -- C:\Users\Sara\AppData\Local\FnF4.txt
[2009/07/05 20:13:55 | 000,007,272 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/01/18 11:59:49 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/01/18 11:59:49 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/12/15 22:47:17 | 000,017,408 | ---- | C] () -- C:\Users\Sara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/06 20:41:38 | 000,000,094 | ---- | C] () -- C:\Users\Sara\AppData\Roaming\wklnhst.dat
[2008/06/09 21:05:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/06/09 09:05:13 | 000,007,808 | ---- | C] () -- C:\Users\Sara\AppData\Local\d3d9caps.dat
[2008/06/09 08:50:56 | 000,041,192 | ---- | C] () -- C:\Users\Sara\AppData\Roaming\nvModes.001
[2008/06/09 06:21:49 | 000,041,192 | ---- | C] () -- C:\Users\Sara\AppData\Roaming\nvModes.dat
[2008/06/08 13:53:53 | 000,000,000 | ---- | C] () -- C:\Users\Sara\AppData\Local\QSwitch.txt
[2008/06/08 13:53:53 | 000,000,000 | ---- | C] () -- C:\Users\Sara\AppData\Local\DSwitch.txt
[2008/06/08 13:53:53 | 000,000,000 | ---- | C] () -- C:\Users\Sara\AppData\Local\AtStart.txt
[2008/04/24 19:40:38 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 22:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2008/07/21 12:08:01 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\7Wonders
[2010/11/22 22:15:20 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\AVG10
[2009/07/07 20:56:12 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\Canon
[2010/06/28 17:00:38 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\EPSON
[2008/07/06 07:18:02 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\iWin
[2010/06/15 19:13:24 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\Smart Panel
[2010/03/08 21:48:16 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\SmartDraw
[2008/10/06 20:41:39 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\Template
[2010/02/22 08:35:10 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\Trusteer
[2008/06/08 16:08:39 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\WildTangent
[2011/01/25 22:32:15 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/01/25 22:05:20 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0EB641F6-D73F-4CC6-A047-50745B0C0F42}.job
[2010/06/02 08:08:22 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{93A5E7A9-2AC9-49E8-ADAD-8E62BA57F332}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/01/09 09:49:52 | 000,161,351 | ---- | M] () -- C:\aaw7boot.log
[2008/02/26 03:07:32 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 06:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/02/26 02:44:22 | 000,000,360 | -H-- | M] () -- C:\IPH.PH
[2011/01/26 07:48:11 | 2460,205,056 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2006/11/02 09:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\expsrv.dll
[2010/07/01 20:35:12 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\klogon.dll
[2008/01/19 07:35:15 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
[2009/04/11 06:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 06:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 10:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/11/05 21:01:08 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B63300D1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >


and Extras.Txt =

OTL Extras logfile created on: 26/01/2011 08:05:17 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Sara\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.39 Gb Total Space | 120.98 Gb Free Space | 54.65% Space Free | Partition Type: NTFS
Drive D: | 11.50 Gb Total Space | 2.04 Gb Free Space | 17.77% Space Free | Partition Type: NTFS

Computer Name: SARA-PC | User Name: Sara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E263191-2D55-4331-B97F-AEBA2E8A2CF5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3EC21400-FB14-4DE6-9037-BA3A656CED86}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{42FC3355-FEC8-46B7-BAEB-8ECA92E12318}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4F2F0061-0E49-488F-924A-FF661C91A227}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{511560F2-013C-4D58-8362-2B166F77CBC2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{77B7D770-5DAB-4AF8-9672-EC770A5FAFD9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{884875CB-B3ED-4882-A11F-08241A65B1E2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{BF08A239-3D7C-42EF-8E3D-8005FB27F24A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C2BA27A8-2B87-46E2-8F7F-595E433C5CC5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CAFF9A91-3058-406E-B35C-5B75CAC6A6B9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC510A9C-9EBB-443D-B0F4-2F9E1BCE08B1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EB9BFBD0-F2F3-4FB8-9C3C-7D65C68332A9}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{106F96DD-ABAD-46A3-BAC0-563DEFD77B54}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{1B2CBF05-6CC5-46DB-BBBA-E89912F4C7DE}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{2E633C2B-70F8-49CE-A0B8-A08DDDE0DAD5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{30002A12-BC48-49F8-95AD-0AA511E24C80}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{3713C325-6313-4E56-9B27-04398FA595F3}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{489A299F-BDAD-48C8-A164-3F4D486EDECB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4BEAAD4B-24C3-41DF-AE84-67234A37E562}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{61757995-1165-45A1-BF77-8988853EB273}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6638D450-0D95-444B-92B6-0F456F25B802}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{6FE90AC0-68E3-45B6-8D9F-585CB0EFE2DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{70FCACCE-7763-48EC-99CB-DC7215B73012}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{777B38CC-091F-45EE-8EA3-ED1DB15DAE94}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7908B838-B87B-4443-9B05-79A6B731E821}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{83BC555F-DDC1-438B-88E9-99797003222A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{92705697-E518-43E3-8A76-088893AF8CA8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{A2FEC12A-278A-43E1-AD5D-229B02930F44}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{ABCD85FD-C8F1-414B-A286-AA08AB347E6B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D5717A48-F34F-4902-AFDE-355D0DE77EED}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D579A03F-AA29-4FF4-B843-BD433B079908}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{14BB09BE-47B3-4F29-97C5-912F86A78D93}C:\windows\temp\navbrowser.exe" = protocol=6 | dir=in | app=c:\windows\temp\navbrowser.exe |
"UDP Query User{7EC6A270-0BA1-4571-B2A2-9AC3397CED12}C:\windows\temp\navbrowser.exe" = protocol=17 | dir=in | app=c:\windows\temp\navbrowser.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19D2B63E-C1F1-4803-BA8B-4AB8FE216952}" = EPSON PRINT Image Framer Tool
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = PhotoImpression 5
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM_6" = AIM 6
"AOL Toolbar" = AOL Toolbar 5.0
"AVS DVD Copy_is1" = AVS DVD Copy version 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS VideotoGO_is1" = AVS Video to GO
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 2.2
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESPRX420 Reference Guide" = ESPRX420 Reference Guide
"ESPRX420 Software Guide" = ESPRX420 Software Guide
"Free Window Registry Repair" = Free Window Registry Repair
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Norton PC Checkup" = Norton PC Checkup
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Rapport_msi" = Rapport
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Registry Mechanic_is1" = Registry Mechanic 8.0
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/01/2010 14:34:39 | Computer Name = Sara-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18865, time stamp
0x4b077416, faulting module ole32.dll, version 6.0.6002.18005, time stamp 0x49e037d7,
exception code 0xc0000005, fault offset 0x0007999d, process id 0x17ec, application
start time 0x01ca9b90a7d5204d.

Error - 22/01/2010 14:34:57 | Computer Name = Sara-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18865, time stamp
0x4b077416, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,
exception code 0xc0000005, fault offset 0x001579a2, process id 0xec0, application
start time 0x01ca9b8ede7f1f8d.

Error - 22/01/2010 14:35:19 | Computer Name = Sara-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18865, time stamp
0x4b077416, faulting module ole32.dll, version 6.0.6002.18005, time stamp 0x49e037d7,
exception code 0xc0000005, fault offset 0x0007999d, process id 0xec0, application
start time 0x01ca9b8ede7f1f8d.

Error - 06/02/2010 19:49:39 | Computer Name = Sara-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module Flash10d.ocx, version 10.0.42.34, time stamp 0x4ae7baed,
exception code 0xc0000005, fault offset 0x0015843d, process id 0x16b4, application
start time 0x01caa7856cb9d5b1.

Error - 07/02/2010 15:30:18 | Computer Name = Sara-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x00039747, process id 0xbb0, application
start time 0x01caa828c1e5c6e0.

Error - 15/02/2010 18:50:41 | Computer Name = Sara-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x0003974e, process id 0xe34, application
start time 0x01caae90e62001f5.

Error - 17/02/2010 18:24:43 | Computer Name = Sara-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module SkypeIEPlugin.dll_unloaded, version 0.0.0.0, time stamp
0x4a77e4da, exception code 0xc0000005, fault offset 0x060e3f2b, process id 0x6dc,
application start time 0x01cab015414f4800.

Error - 21/02/2010 07:04:50 | Computer Name = Sara-PC | Source = Application Error | ID = 1000
Description = Faulting application CALMAIN.exe, version 8.1.0.14, time stamp 0x433d11f9,
faulting module CALMAIN.exe, version 8.1.0.14, time stamp 0x433d11f9, exception
code 0xc0000005, fault offset 0x00001fc9, process id 0xbd8, application start time
0x01cab2e5ad6e14c9.

Error - 22/02/2010 18:47:47 | Computer Name = Sara-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 22/02/2010 19:01:05 | Computer Name = Sara-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module SkypeIEPlugin.dll_unloaded, version 0.0.0.0, time stamp
0x4a77e4da, exception code 0xc0000005, fault offset 0x06633f2b, process id 0x10b0,
application start time 0x01cab4122062b800.

[ System Events ]
Error - 23/01/2011 17:41:35 | Computer Name = Sara-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 23/01/2011 17:41:35 | Computer Name = Sara-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24/01/2011 15:23:46 | Computer Name = Sara-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24/01/2011 15:23:46 | Computer Name = Sara-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 25/01/2011 05:03:32 | Computer Name = Sara-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 25/01/2011 05:03:32 | Computer Name = Sara-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 25/01/2011 18:02:13 | Computer Name = Sara-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 25/01/2011 18:02:13 | Computer Name = Sara-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 26/01/2011 03:49:51 | Computer Name = Sara-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 26/01/2011 03:49:51 | Computer Name = Sara-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >


Thanks
 

·
Registered
Joined
·
15 Posts
Discussion Starter #13
when I try to upload it won't let me with the following message:

"Mini012311-01.dmp
You don't have permission to open this file

Contact the file owner or an administrator to obtain permission"

Same message for the 2nd file MEMORY.dmp

How do I get round this issue to upload the files?
 

·
Registered
Joined
·
15 Posts
Discussion Starter #15
sorry but I'm still getting the same problem. The link works and allows me to get as far as browsing to find the windows files but when I try and click on say memory.dmp I still get the message I had previously of access denied?
 

·
Registered
Joined
·
1,383 Posts
is this the folder the file is located in?

C:\Windows\Minidump\Mini012311-01.dmp

If so, go to Start ---> Run ---> Type cmd and press enter

Windows command prompt will appear.

Type the following

attrib -h -r -a -s c:\windows\minidump\mini012311-01.dmp

press enter. Let me know of any errors.
 

·
Registered
Joined
·
15 Posts
Discussion Starter #19
same error messages in trying to upload to beleeping computer and also when following the 'cmd' route.
 
1 - 20 of 26 Posts
Status
Not open for further replies.
Top