Spyware Trojan

Please rename HijackThis to scanner.exe (or anything else that's not HijackThis.exe) by right-clicking on HijackThis.exe and choosing Rename. This infection hides itself from any process called HijackThis.exe.

Once done, please post a new HijackThis log.
 
Latest Log - computer still slow!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41, on 24/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\pnw\Desktop\Scanner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\update\update.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.genie.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.genie.co.uk
O15 - Trusted Zone: http://www.skillstrain-online.com
O16 - DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} (PhotoBox uploader) - http://static.photobox.co.uk/sg/common/ImageUploader4.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.burj-al-arab.com/flashcab/ipix/ipixx.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 5177 bytes
 
It appears that the infection has been removed.

Please click on Start -> Run. Type ComboFix /u and click OK.
Note the space between the ComboFix and the /u.
This will remove the backups that ComboFix has created as well as the program itself.

Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the Begin cleanup Process? prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

With regard to your speed problems, please register (it's free, don't worry) with PCPitStop and run the full tests here. When the tests are complete, a results page will pop up. Click Share these results with TechExpress on the right-hand side. Then copy the URL provided and post it here for me.
 
I've tried running the PCPitstop and it hangs when it gets to the 3D test - also my machine has gone incredibly slow on the internet. It kept logging me out of computer forum last night so I was unable to post a reply - any clues?
 
OK, try running a speed test at http://www.speedtest.net/ so that we can get some exact numbers. What sort of Internet connection do you have?

With regard to PCPitstop, try updating your video drivers and see if that makes a difference.

Given the length of time it's been since your last logs, I'd like to see a few new ones.

Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you: one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum

Please also post a new HijackThis log.
 
Latest Logs

OTViewIt logfile created on: 04/09/2008 17:39:44 - Run 1
OTViewIt by OldTimer - Version 1.0.1.8 Folder = C:\Documents and Settings\pnw\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

191.48 Mb Total Physical Memory | 78.45 Mb Available Physical Memory | 40.97% Memory free
466.70 Mb Paging File | 287.69 Mb Available in Paging File | 61.64% Paging File free
Paging file location(s): C:\pagefile.sys 288 576;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 17.90 Gb Free Space | 48.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PETE
Current User Name: pnw
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

===== Processes - Non-Microsoft Only =====

[03/09/2004 07:27 PM | 00,397,312 | ---- | M] () - C:\WINDOWS\system32\ati2evxx.exe
[03/09/2004 07:27 PM | 00,397,312 | ---- | M] () - C:\WINDOWS\system32\ati2evxx.exe
[03/04/2004 03:41 PM | 00,028,672 | ---- | M] (TOSHIBA CORPORATION) - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
[04/28/2008 11:20 AM | 00,415,072 | R--- | M] (WinZip Computing, S.L.) - C:\Program Files\WinZip\WZQKPICK.EXE
[03/03/2006 12:18 PM | 00,200,704 | ---- | M] (Yahoo!, Inc.) - C:\Program Files\Yahoo!\browser\ycommon.exe

===== Win32 Services - Non-Microsoft Only =====

(Ati HotKey Poller) Ati HotKey Poller [Auto | Running]
[03/09/2004 07:27 PM | 00,397,312 | ---- | M] () - C:\WINDOWS\system32\ati2evxx.exe

(CFSvcs) ConfigFree Service [Auto | Running]
[03/04/2004 03:41 PM | 00,028,672 | ---- | M] (TOSHIBA CORPORATION) - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

===== Driver Services - Non-Microsoft Only =====

(AgereSoftModem) TOSHIBA V92 Software Modem [On_Demand | Running]
[02/20/2004 02:00 PM | 01,265,388 | ---- | M] (Agere Systems) - C:\WINDOWS\system32\drivers\AGRSM.sys

(ALCXSENS) Service for WDM 3D Audio Driver [On_Demand | Running]
[02/24/2004 10:08 AM | 00,400,384 | ---- | M] (Sensaura) - C:\WINDOWS\system32\drivers\ALCXSENS.SYS

(AR5211) Atheros Wireless Network Adapter Service [On_Demand | Stopped]
[05/28/2004 10:45 AM | 00,390,944 | ---- | M] (Atheros Communications, Inc.) - C:\WINDOWS\system32\drivers\ar5211.sys

(DevUpper) TI UltraMedia CardBus Controller Filter Driver [Boot | Running]
[12/10/2002 03:13 PM | 00,007,552 | ---- | M] (Texas Instruments Inc.) - C:\WINDOWS\system32\drivers\tiumflt.sys

(MRENDIS5) MRENDIS5 NDIS Protocol Driver [On_Demand | Stopped]
[03/24/2006 04:53 PM | 00,018,003 | ---- | M] (Motive, Inc.) - C:\Program Files\Common Files\Motive\MRENDIS5.sys

(Netdevio) TOSHIBA Network Device Usermode I/O Protocol [Auto | Running]
[01/29/2003 01:35 PM | 00,012,032 | ---- | M] (TOSHIBA Corporation.) - C:\WINDOWS\system32\drivers\Netdevio.sys

(pavboot) pavboot [Boot | Running]
[06/19/2008 05:24 PM | 00,028,544 | ---- | M] (Panda Security, S.L.) - C:\WINDOWS\system32\drivers\pavboot.sys

(RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [On_Demand | Stopped]
[12/05/2003 06:53 PM | 00,068,352 | ---- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\Rtlnic51.sys

(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [On_Demand | Stopped]
[08/04/2004 05:31 AM | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) - C:\WINDOWS\system32\drivers\rtl8139.sys

(SE27bus) Sony Ericsson Device 039 Driver driver (WDM) [On_Demand | Stopped]
[04/28/2006 03:24 PM | 00,061,600 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE27bus.sys

(SE27mdfl) Sony Ericsson Device 039 USB WMC Modem Filter [On_Demand | Stopped]
[04/28/2006 03:25 PM | 00,009,360 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE27mdfl.sys

(SE27mdm) Sony Ericsson Device 039 USB WMC Modem Driver [On_Demand | Stopped]
[04/28/2006 03:25 PM | 00,097,184 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE27mdm.sys

(SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) [On_Demand | Stopped]
[04/28/2006 03:26 PM | 00,088,688 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE27mgmt.sys

(se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) [On_Demand | Stopped]
[04/28/2006 03:24 PM | 00,018,704 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se27nd5.sys

(SE27obex) Sony Ericsson Device 039 USB WMC OBEX Interface [On_Demand | Stopped]
[04/28/2006 03:27 PM | 00,086,560 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE27obex.sys

(se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) [On_Demand | Stopped]
[04/28/2006 03:24 PM | 00,090,800 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se27unic.sys

(Ser2pl) MAT Serial port driver [On_Demand | Stopped]
[07/16/2003 06:27 AM | 00,043,264 | R--- | M] (Prolific Technology Inc.) - C:\WINDOWS\system32\drivers\ser2pl.sys

(SMCIRDA) SMC IrCC Miniport Device Driver [On_Demand | Running]
[11/05/2002 03:00 PM | 00,039,424 | ---- | M] (SMC) - C:\WINDOWS\system32\drivers\smcirda.sys

(SynTP) Synaptics TouchPad Driver [On_Demand | Running]
[01/22/2004 04:04 PM | 00,178,816 | ---- | M] (Synaptics, Inc.) - C:\WINDOWS\system32\drivers\SynTP.sys

(tiumfwl) tiumfwl [On_Demand | Stopped]
[02/18/2003 06:02 PM | 00,042,092 | ---- | M] (Texas Instruments Inc.) - C:\WINDOWS\system32\drivers\tiumfwl.sys

(TVALD) Toshiba Mobile PC Service [On_Demand | Running]
[02/27/2004 12:31 AM | 00,004,224 | ---- | M] (Toshiba Corporation) - C:\WINDOWS\system32\drivers\NBSMI.sys

========== Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Pitstop Optimize Reminder" = C:\Program Files\PCPitstop\Optimize2\Reminder.exe File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Key does not exist or could not be opened.
"run" = Reg Error: Key does not exist or could not be opened.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

========== Startup Folders ==========

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[04/28/2008 11:20 AM | 00,415,072 | R--- | M] (WinZip Computing, S.L.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

[pnw Startup Folder - C:\Documents and Settings\pnw\Start Menu\Programs\Startup]

========== BHO's ==========

========== Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [09/29/2006 11:53 AM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

========== AppInit_Dlls ==========

========== HKLM Security Providers ==========

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
= Explorer.exe
>Explorer.exe - [06/13/2007 10:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
= C:\WINDOWS\system32\userinit.exe,
>C:\WINDOWS\system32\userinit.exe - [08/04/2004 07:56 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
= logonui.exe
>logonui.exe - [08/04/2004 07:56 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
= rundll32 shell32,Control_RunDLL "sysdm.cpl"
>rundll32 shell32 - [10/26/2007 03:36 AM | 08,454,656 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
>Control_RunDLL "sysdm.cpl" - [08/04/2004 07:56 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

========== User's Winlogon Settings ==========

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DllName" = C:\WINDOWS\system32\ati2evxx.dll [03/09/2004 07:27 PM | 00,086,016 | ---- | M] ()

========== Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun" = 67108863
"NoDriveTypeAutoRun" = 255
"NoDrives" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"DisableRegistryTools" = 0
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoDrives" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0
"disableregistrytools" = 0

========== Lsa Authentication Packages ==========

========== Lsa Security Packages ==========

========== Desktop Components ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = ""
"Source" = ""
"SubscribedURL" = ""

========== Safeboot Options ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

========== Disabled MsConfig Items ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"item" = Adobe Gamma Loader
"command" = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [11/04/1999 03:06 PM | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
"location" = Common Startup
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk File not found
"backup" = C:\WINDOWS\pss\Adobe Gamma Loader.lnk File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"item" = WinZip Quick Pick
"command" = C:\Program Files\WinZip\WZQKPICK.EXE [04/28/2008 11:20 AM | 00,415,072 | R--- | M] (WinZip Computing, S.L.)
"location" = Common Startup

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\btbb_wcm_McciTrayApp]
"item" = btbb_wcm_McciTrayApp
"command" = C:\Program Files\btbb_wcm\McciTrayApp.exe [12/29/2005 10:22 AM | 00,543,232 | ---- | M] (Motive Communications, Inc.)
"hkey" = HKLM
"key" = Run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe]
"item" = C:\WINDOWS\system32\ctfmon.exe [08/04/2004 07:56 AM | 00,015,360 | ---- | M] (Microsoft Corporation)
"command" = C:\WINDOWS\system32\ctfmon.exe [08/04/2004 07:56 AM | 00,015,360 | ---- | M] (Microsoft Corporation)
"hkey" = HKEY_CURRENT_USER
"key" = Run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DeviceDiscovery]
"item" = DeviceDiscovery
"command" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [05/21/2003 05:37 PM | 00,229,437 | ---- | M] (Hewlett-Packard)
"hkey" = HKLM
"key" = Run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\H/PC Connection Agent]
"item" = H/PC Connection Agent
"command" = C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [09/01/2003 10:52 AM | 00,376,912 | ---- | M] (Microsoft Corporation)
"hkey" = HKEY_CURRENT_USER
"key" = Run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"item" = HP Software Update
"command" = C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe [06/25/2003 10:24 AM | 00,049,152 | ---- | M] (Hewlett-Packard)
"hkey" = HKLM
"key" = Run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ioloDelayModule]
"item" = ioloDelayModule
"command" = C:\Program Files\iolo\System Mechanic Professional 6\Delay.exe [06/08/2005 08:31 PM | 00,096,256 | ---- | M] ()
"hkey" = HKLM
"key" = Run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Motive SmartBridge]
"item" = Motive SmartBridge
"command" = C:\Program Files\BT Home Hub\Help\SmartBridge\BTHelpNotifier.exe [02/06/2006 05:52 PM | 00,462,935 | ---- | M] (Motive)
"hkey" = HKLM
"key" = Run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
"item" = MSMSGS
"command" = C:\Program Files\Messenger\msmsgs.exe [10/13/2004 04:24 PM | 01,694,208 | ---- | M] (Microsoft Corporation)
"hkey" = HKEY_CURRENT_USER
"key" = Run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray]
"item" = SDTray
"hkey" = HKLM
"key" = Run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMSystemAnalyzer]
"item" = SMSystemAnalyzer
"command" = C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe [12/20/2006 04:47 PM | 00,557,056 | ---- | M] ()
"hkey" = HKEY_CURRENT_USER
"key" = Run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh]
"item" = SynTPEnh
"command" = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [01/22/2004 04:08 PM | 00,495,616 | ---- | M] (Synaptics, Inc.)
"hkey" = HKLM
"key" = Run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPLpr]
"item" = SynTPLpr
"command" = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [01/22/2004 04:09 PM | 00,098,304 | ---- | M] (Synaptics, Inc.)
"hkey" = HKLM
"key" = Run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TOSCDSPD]
"item" = TOSCDSPD
"command" = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [09/05/2003 02:24 AM | 00,065,536 | ---- | M] (TOSHIBA)
"hkey" = HKEY_CURRENT_USER
"key" = Run

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3145e705-f591-11dc-8b6e-d00cde7a7b61}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72e413c4-441d-11dc-8a60-f67c44f1dcb7}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b88f66cb-ede7-11dc-8b65-ac5f460e2baa}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc3347f6-d646-11db-89f8-9d9f0a8e40b0}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc3347f7-d646-11db-89f8-9d9f0a8e40b0}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6b2bc30-775b-11dd-8c2f-0218f65c501d}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell]
"" = AutoRun

========== DNS Name Servers ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{274D4655-CFBA-497F-B736-90617712061B}]
Servers: | Description: Thomson ST Remote NDIS Device

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{6D3BAC9E-B4CC-4B44-B1BF-B9B5F9383EE0}]
Servers: | Description: Sony Ericsson Device 039 USB Ethernet Emulation (NDIS 5)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{80A29970-8844-400B-8EDB-4BD790710F99}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{AF36FD5E-C27D-43B6-9B78-CDC5DA660868}]
Servers: | Description: Thomson ST Remote NDIS Device

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F6D3DEA3-E736-41E7-A31E-E94F63FAFE02}]
Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC

========== Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



========== Files/Folders - Created Within 30 days ==========

[08/05/2008 08:53 PM | -HSD | C] - C:\RECYCLER
[08/23/2008 10:08 PM | 00,001,374 | ---- | C] () - C:\WINDOWS\imsins.BAK
[08/31/2008 06:20 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\PCPitstop
[08/31/2008 12:56 PM | ---D | C] - C:\Documents and Settings\pnw\Application Data\U3
[08/05/2008 08:51 PM | ---D | C] - C:\Documents and Settings\pnw\Desktop\backups
[09/03/2008 06:41 PM | 00,012,656 | ---- | C] () - C:\Documents and Settings\pnw\Desktop\Flint Labour Party.docx
[09/04/2008 05:38 PM | 00,010,051 | ---- | C] () - C:\Documents and Settings\pnw\Desktop\a href.docx

========== Files - Modified Within 30 days ==========

[09/04/2008 05:03 PM | 20,085,5552 | -HS- | M] () - C:\hiberfil.sys
[2 C:\WINDOWS\System32\*.tmp files]
[09/03/2008 06:16 PM | 00,001,158 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\*.tmp files]
[08/24/2008 12:47 PM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/31/2008 07:20 PM | 00,000,669 | ---- | M] () - C:\WINDOWS\win.ini
[09/04/2008 05:03 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[09/29/2008 03:12 PM | 00,000,554 | ---- | M] () - C:\WINDOWS\SysMech6.INI
[09/04/2008 05:03 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[09/04/2008 05:03 PM | 00,000,434 | ---- | M] () - C:\WINDOWS\tasks\RegCure Program Check.job
[09/04/2008 05:04 PM | 00,000,444 | ---- | M] () - C:\WINDOWS\tasks\XoftSpySE 2.job
[08/12/2008 05:18 PM | 00,052,275 | ---- | M] () - C:\Documents and Settings\pnw\My Documents\My book 2008.rtf
[09/03/2008 06:41 PM | 00,012,656 | ---- | M] () - C:\Documents and Settings\pnw\Desktop\Flint Labour Party.docx
[09/04/2008 05:38 PM | 00,010,051 | ---- | M] () - C:\Documents and Settings\pnw\Desktop\a href.docx

< End of report >
 
Extra Log

OTViewIt Extras logfile created on: 04/09/2008 17:39:45 - Run 1
OTViewIt by OldTimer - Version 1.0.1.8 Folder = C:\Documents and Settings\pnw\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

191.48 Mb Total Physical Memory | 78.45 Mb Available Physical Memory | 40.97% Memory free
466.70 Mb Paging File | 287.69 Mb Available in Paging File | 61.64% Paging File free
Paging file location(s): C:\pagefile.sys 288 576;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 17.90 Gb Free Space | 48.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[08/04/2004 07:56 AM | 00,140,800 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[08/04/2004 07:56 AM | 00,140,800 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Disabled:Yahoo! Messenger
[08/31/2005 04:11 PM | 02,478,080 | ---- | M] ()

"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" = C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Disabled:Connection Manager
[09/01/2003 10:52 AM | 00,376,912 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[05/21/2008 04:37 AM | 12,844,576 | ---- | M] (Microsoft Corporation)

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - "%1" %*
.cmd [@ = cmdfile] - "%1" %*
.com [@ = ComFile] - "%1" %*
.exe [@ = exefile] - "%1" %*
.html [@ = YBrowser.HTML] - [09/19/2006 03:28 PM | 00,668,152 | ---- | M] (Yahoo!, Inc.) - C:\Program Files\Yahoo!\browser\ybrowser.exe
.pif [@ = piffile] - "%1" %*
.scr [@ = scrfile] - "%1" /S

========== Winsock2 Catalogs ==========

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


========== HKEY_CURRENT_USER Protocol Defaults ==========


========== Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKLM - CZipHandler Object]
[10/23/2003 06:51 PM | 00,081,920 | ---- | M] (Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

========== Protocol Filters ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}" = TOSHIBA Manuals
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3470FBE6-B743-420F-B5CE-0D27FA749C16}" = Touch and Launch
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{41DC35DD-1E9B-4254-AE64-16F9B740785A}" = Navman SmartST Version 2 Desktop
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.1
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1AFF2298-CC00-4A3B-866A-C62B8373794E}" = Security Update for 2007 Microsoft Office System (KB951596)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{4AD3A076-427C-491F-A5B7-7D1DE788A756}" = Update for Microsoft Office Outlook 2007 (KB952142)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{558B709B-821B-4FC5-90FC-9A8890641E77}" = Security Update for Microsoft Office PowerPoint 2007 (KB951338)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6BAD036C-261F-4BEF-96CF-C20678D07A41}" = Security Update for Visio 2007 (KB947590)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{7399DD71-8E24-4E60-B6A8-6CED89C0AC26}" = Security Update for Microsoft Office Excel 2007 (KB951546)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{8F375E11-4FD6-4B89-9E2B-A76D48B51E00}" = Security Update for Microsoft Office system 2007 (KB951808)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A420F522-7395-4872-9882-C591B4B92278}" = Update for Office 2007 (KB946691)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{AD72BABE-C733-4FCF-9674-4314466191B9}" = Security Update for Microsoft Office Word 2007 (KB950113)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{D9806966-6AA1-4B55-9528-6748E37CEE86}" = Update for Outlook 2007 Junk Email Filter (kb955433)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}" = Security Update for Microsoft Office Publisher 2007 (KB950114)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for Toshiba
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{AC76BA86-7AD7-1033-7646-A00000000001}" = Adobe Reader 6.0.1
"{AE2310DC-B261-4D84-BE03-BD318EB41B78}" = PCI1620 Ultramedia Controller
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C7EC0699-D82C-4451-B701-C98C330D43AF}" = hp deskjet 3500
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX 2.3.2
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.3 SP1
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BT Home Hub" = BT Home Hub
"BT Wireless Connection Manager" = BT Wireless Connection Manager
"BT Yahoo! Applications" = BT Yahoo! Applications
"btbb.MCCInstall" = BT Broadband Desktop Help
"CCleaner" = CCleaner (remove only)
"HijackThis" = HijackThis 2.0.2
"hp print screen utility" = hp print screen utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.1
"InstallShield_{AE2310DC-B261-4D84-BE03-BD318EB41B78}" = PCI 1620 Cardbus Controller and Software
"KB932823-v3" = Update for Windows XP (KB932823-v3)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB941693" = Security Update for Windows XP (KB941693)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB945553" = Security Update for Windows XP (KB945553)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB948590" = Security Update for Windows XP (KB948590)
"KB948881" = Security Update for Windows XP (KB948881)
"KB950749" = Security Update for Windows XP (KB950749)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Power Saver" = TOSHIBA Power Saver
"PROPLUS" = Microsoft Office Professional Plus 2007
"RegCure" = RegCure 1.5.0.0
"Sierra Utilities" = Sierra Utilities
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"System Mechanic Professional 6_is1" = iolo technologies' System Mechanic Professional 6
"TOSHIBA Hotkey Utility for Display Devices" = TOSHIBA Hotkey Utility for Display Devices
"TOSHIBA Utilities" = TOSHIBA Utilities
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XoftSpySE" = XoftSpySE
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========


========== Last 10 Event Log Errors ==========


[ Application Events ]
Error - 25/02/2008 18:00:23 - Computer Name = PETE - User Name = NT AUTHORITY\SYSTEM - Source = MsiInstaller
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 25/02/2008 18:00:25 - Computer Name = PETE - User Name = NT AUTHORITY\SYSTEM - Source = MsiInstaller
Description = Product: Microsoft .NET Framework 1.1 - Update '{411EDCF7-755D-414E-A74B-3DCD6583F589}'
could not be installed. Error code 1603. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 02/03/2008 18:03:16 - Computer Name = PETE - User Name = NT AUTHORITY\SYSTEM - Source = MsiInstaller
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 02/03/2008 18:03:18 - Computer Name = PETE - User Name = NT AUTHORITY\SYSTEM - Source = MsiInstaller
Description = Product: Microsoft .NET Framework 1.1 - Update '{411EDCF7-755D-414E-A74B-3DCD6583F589}'
could not be installed. Error code 1603. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 02/03/2008 18:39:35 - Computer Name = PETE - User Name = NT AUTHORITY\SYSTEM - Source = MsiInstaller
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 02/03/2008 18:39:37 - Computer Name = PETE - User Name = NT AUTHORITY\SYSTEM - Source = MsiInstaller
Description = Product: Microsoft .NET Framework 1.1 - Update '{411EDCF7-755D-414E-A74B-3DCD6583F589}'
could not be installed. Error code 1603. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 03/03/2008 21:41:19 - Computer Name = PETE - User Name = NT AUTHORITY\SYSTEM - Source = MsiInstaller
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 03/03/2008 21:41:22 - Computer Name = PETE - User Name = NT AUTHORITY\SYSTEM - Source = MsiInstaller
Description = Product: Microsoft .NET Framework 1.1 - Update '{411EDCF7-755D-414E-A74B-3DCD6583F589}'
could not be installed. Error code 1603. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 04/03/2008 11:49:00 - Computer Name = PETE - User Name = User SID not found - Source = Application Hang
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 04/03/2008 11:52:35 - Computer Name = PETE - User Name = User SID not found - Source = Microsoft Office 12
Description = EventType offdiag12, P1 5da3919a-c05b-49fe-b8f4-786d3f8121621f4e26f8-669b-48f3-9320-158d69f80839,
P2 NIL, P3 NIL, P4 NIL, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.


[ Internet Explorer Events ]

[ ODiag Events ]

[ OSession Events ]

[ Security Events ]

[ System Events ]
Error - 30/08/2008 19:50:00 - Computer Name = PETE - User Name = User SID not found - Source = Service Control Manager
Description = The HID Input Service service terminated with the following error:
%%2

Error - 30/08/2008 20:51:03 - Computer Name = PETE - User Name = User SID not found - Source = Windows Update Agent
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.

Error - 31/08/2008 08:28:48 - Computer Name = PETE - User Name = User SID not found - Source = Service Control Manager
Description = The HID Input Service service terminated with the following error:
%%2

Error - 31/08/2008 12:51:01 - Computer Name = PETE - User Name = User SID not found - Source = Service Control Manager
Description = The HID Input Service service terminated with the following error:
%%2

Error - 31/08/2008 18:58:25 - Computer Name = PETE - User Name = User SID not found - Source = Windows Update Agent
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.

Error - 31/08/2008 19:43:22 - Computer Name = PETE - User Name = User SID not found - Source = Service Control Manager
Description = The HID Input Service service terminated with the following error:
%%2

Error - 31/08/2008 21:20:26 - Computer Name = PETE - User Name = User SID not found - Source = Windows Update Agent
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.

Error - 01/09/2008 17:45:16 - Computer Name = PETE - User Name = User SID not found - Source = Service Control Manager
Description = The HID Input Service service terminated with the following error:
%%2

Error - 03/09/2008 18:16:32 - Computer Name = PETE - User Name = User SID not found - Source = Service Control Manager
Description = The HID Input Service service terminated with the following error:
%%2

Error - 04/09/2008 17:04:28 - Computer Name = PETE - User Name = User SID not found - Source = Service Control Manager
Description = The HID Input Service service terminated with the following error:
%%2


< End of report >
 
Those speed test results are reasonably fast, so I don't think that's responsible for your problems. There's no malware showing in those logs, but it appears that you have only 256MB of RAM, and due to the fact that some of that is shared with the video adaptor, only 191MB is available for Windows.

With this little available RAM it is not surprising that your system is running slowly. A RAM upgrade would improve your system speed significantly.
 