tomiso

when i plug the phone into the computer, aheader appears briefly on the phone 'usb connection made' .If Kies active then it connects otherwise nothing. I have not yet used the tethering option, but have used wi fi connection from my existing modem.

Hi Starbuck follwed steps 1and2 Step3 I never used OTL.exe--- should I run it now then delete? Step3a I did use List Parts.exe ----presume I should delete now? At the moment I use Avast which updates itself and windows Defender firewall which is updated weekly on my windows update. Presumably the 3rd party firewalls suggested are an improvement on defender, do they update on a schedule or would i need to carry it out as a task. alternative browser:- only ever used internet explorer, I have chrome downloaded as a mistake but not yet deleted. will be using hotmail and gmail I assume WOT and OPERA are stand alone browsers which will operate my email, and both offer better security speed and stability ?? Thanks for the help, I'll get on with the reading on 'how infected' and Erunt and await your comments on the above Tom

When i first plugged the phone windows would not suggest a driver. the windows web site did not list the phone. samsung allows you to identify your phone but the download is the whole kies package I dont understand what you mean by "the phone set up for file transfer[/ Tom

thanks for promt replies. I was wary about changing registry, but not sure of next step. I've been using Kies after 3 or 4 attempts finally downloaded. it then creates the spb files, i've modified contacts in Kies and then put back on phone and they have changed again, losing some numbers and recreating duplication. I'm not impressed with Kies and would prefer to transfer the spb files to a spreadsheet ( csv files I think). Unfortunatly the galaxy ace phone is only recognised by my computer when kies is running. so should windows recognise psb files? i've some psb files in kies with numbers deleted elsewhere

my windows vista home premium doesn't recognise .pcb files from my galaxy ace phone. I'm trying to save and sync contacts without a lot of success. while searching for info I was directed to a 'SpeedyPC ' prog which says it will sort my registry as windows should read .pcb files. Anybody used this prog? Anybody had this problem ?

Hi Starbuck everything seems ok, had some issues with bbc iplayer but thats settled, ready for partition changes and would still like to access drive d to see whats there. tom

hi Starbuck thanks, it's all in the detail. What did combo fix do/achieve? tom

hi Starbuck That was a strange one, but it worked ComboFix 12-11-12.02 - tom 12/11/2012 10:27:55.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2047.1041 [GMT 0:00] Running from: c:\users\tom\Desktop\Com-boFix.exe Command switches used :: c:\users\tom\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-10-12 to 2012-11-12 ))))))))))))))))))))))))))))))) . . 2012-11-12 10:36 . 2012-11-12 10:37 -------- d-----w- c:\users\tom\AppData\Local\temp 2012-11-12 10:36 . 2012-11-12 10:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-11-12 10:36 . 2012-11-12 10:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-05 22:18 . 2012-11-05 22:18 -------- d-----w- c:\program files\ESET 2012-11-04 20:55 . 2012-11-04 20:55 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-04 20:55 . 2012-11-04 20:55 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-02 11:35 . 2012-11-02 11:35 -------- d-----w- c:\users\tom\AppData\Roaming\Malwarebytes 2012-11-02 11:35 . 2012-11-02 11:35 -------- d-----w- c:\programdata\Malwarebytes 2012-11-02 11:35 . 2012-11-02 11:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-11-02 11:35 . 2012-09-29 19:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-02 07:45 . 2012-10-17 01:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4832C1F6-E0B2-4DA8-A596-4CFE6CF7C23A}\mpengine.dll 2012-11-01 00:20 . 2012-09-20 04:35 181344 ----a-w- c:\windows\system32\drivers\ssudmdm.sys 2012-11-01 00:20 . 2012-09-20 04:35 83168 ----a-w- c:\windows\system32\drivers\ssudbus.sys 2012-11-01 00:16 . 2012-11-01 00:16 -------- d-----w- c:\program files\MarkAny 2012-11-01 00:16 . 2012-09-26 20:57 319456 ----a-w- c:\windows\system32\DIFxAPI.dll 2012-11-01 00:16 . 2012-09-26 20:57 821824 ----a-w- c:\windows\system32\dgderapi.dll 2012-11-01 00:16 . 2012-09-26 20:57 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys 2012-10-31 13:42 . 2012-10-31 13:42 -------- d-----w- c:\users\tom\AppData\Local\FixItCenter 2012-10-31 13:33 . 2012-10-31 13:33 -------- d-----w- c:\windows\MATS 2012-10-31 13:33 . 2012-10-31 13:33 -------- d-----w- c:\program files\Microsoft Fix it Center 2012-10-29 22:14 . 2012-10-29 22:14 -------- d-----w- c:\users\tom\AppData\Local\ElevatedDiagnostics 2012-10-29 18:15 . 2012-10-29 18:15 -------- d-----w- c:\program files\MyFree Codec 2012-10-29 18:13 . 2012-10-29 18:13 -------- d-----w- C:\Temp 2012-10-29 17:34 . 2012-10-29 17:34 -------- d-----w- c:\program files\CCleaner 2012-10-29 17:20 . 2012-10-29 22:03 -------- d-----w- c:\users\tom\AppData\Local\LogMeIn Rescue Applet 2012-10-28 16:03 . 2012-10-28 16:03 -------- d-----w- c:\users\tom\AppData\Local\Samsung 2012-10-28 16:03 . 2012-11-01 00:21 -------- d-----w- c:\users\tom\AppData\Roaming\Samsung 2012-10-28 15:58 . 2012-09-26 20:57 4659712 ----a-w- c:\windows\system32\Redemption.dll 2012-10-28 15:56 . 2012-11-01 00:19 -------- d-----w- c:\program files\Samsung 2012-10-28 15:56 . 2012-11-01 00:15 -------- d-----w- c:\programdata\Samsung 2012-10-28 15:48 . 2012-10-28 15:48 -------- d-----w- c:\users\tom\AppData\Local\Downloaded Installations 2012-10-19 09:45 . 2012-10-19 09:45 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-10-19 09:45 . 2012-10-19 09:45 -------- d-----w- c:\program files\Java . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-30 22:51 . 2011-03-15 21:53 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2009-11-13 13:53 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2009-11-13 13:53 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-10-30 22:51 . 2009-11-13 13:52 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2009-11-13 13:52 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51 . 2009-11-13 13:52 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2011-03-15 21:52 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2009-11-13 13:52 227648 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-19 09:45 . 2012-07-02 05:40 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-10-19 09:45 . 2011-05-22 11:43 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-26 20:57 . 2012-09-26 20:57 90112 ----a-w- c:\windows\MAMCityDownload.ocx 2012-09-26 20:57 . 2012-09-26 20:57 330240 ----a-w- c:\windows\MASetupCaller.dll 2012-09-26 20:57 . 2012-09-26 20:57 30568 ----a-w- c:\windows\MusiccityDownload.exe 2012-09-26 20:57 . 2012-09-26 20:57 974848 ----a-w- c:\windows\system32\cis-2.4.dll 2012-09-26 20:57 . 2012-09-26 20:57 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll 2012-09-26 20:57 . 2012-09-26 20:57 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll 2012-09-26 20:57 . 2012-09-26 20:57 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll 2012-09-26 20:57 . 2012-09-26 20:57 57344 ----a-w- c:\windows\system32\MK_Lyric.dll 2012-09-26 20:57 . 2012-09-26 20:57 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll 2012-09-26 20:57 . 2012-09-26 20:57 569344 ----a-w- c:\windows\system32\muzdecode.ax 2012-09-26 20:57 . 2012-09-26 20:57 491520 ----a-w- c:\windows\system32\muzapp.dll 2012-09-26 20:57 . 2012-09-26 20:57 49152 ----a-w- c:\windows\system32\MaJGUILib.dll 2012-09-26 20:57 . 2012-09-26 20:57 45320 ----a-w- c:\windows\system32\MAMACExtract.dll 2012-09-26 20:57 . 2012-09-26 20:57 45056 ----a-w- c:\windows\system32\MaXMLProto.dll 2012-09-26 20:57 . 2012-09-26 20:57 45056 ----a-w- c:\windows\system32\MACXMLProto.dll 2012-09-26 20:57 . 2012-09-26 20:57 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll 2012-09-26 20:57 . 2012-09-26 20:57 352256 ----a-w- c:\windows\system32\MSLUR71.dll 2012-09-26 20:57 . 2012-09-26 20:57 258048 ----a-w- c:\windows\system32\muzoggsp.ax 2012-09-26 20:57 . 2012-09-26 20:57 245760 ----a-w- c:\windows\system32\MSCLib.dll 2012-09-26 20:57 . 2012-09-26 20:57 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe 2012-09-26 20:57 . 2012-09-26 20:57 200704 ----a-w- c:\windows\system32\muzwmts.dll 2012-09-26 20:57 . 2012-09-26 20:57 172032 ----a-w- c:\windows\system32\muzapp.exe 2012-09-26 20:57 . 2012-09-26 20:57 155648 ----a-w- c:\windows\system32\MSFLib.dll 2012-09-26 20:57 . 2012-09-26 20:57 143360 ----a-w- c:\windows\system32\3DAudio.ax 2012-09-26 20:57 . 2012-09-26 20:57 135168 ----a-w- c:\windows\system32\muzaf1.dll 2012-09-26 20:57 . 2012-09-26 20:57 131072 ----a-w- c:\windows\system32\muzmpgsp.ax 2012-09-26 20:57 . 2012-09-26 20:57 122880 ----a-w- c:\windows\system32\muzeffect.ax 2012-09-26 20:57 . 2012-09-26 20:57 118784 ----a-w- c:\windows\system32\MaDRM.dll 2012-09-26 20:57 . 2012-09-26 20:57 110592 ----a-w- c:\windows\system32\muzmp4sp.ax 2012-09-13 13:28 . 2012-10-10 11:15 2048 ----a-w- c:\windows\system32\tzres.dll 2012-08-29 11:27 . 2012-10-10 11:15 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-08-29 11:27 . 2012-10-10 11:15 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-24 15:53 . 2012-10-10 11:15 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 06:59 . 2012-10-13 04:40 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 06:51 . 2012-10-13 04:40 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 06:51 . 2012-10-13 04:40 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 06:47 . 2012-10-13 04:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 06:47 . 2012-10-13 04:40 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 06:43 . 2012-10-13 04:40 2382848 ----a-w- c:\windows\system32\mshtml.tlb . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{b9b97401-98e1-4942-930d-c36652dab7f2}"= "c:\program files\TranslatorBar_5\tbTran.dll" [2010-10-18 3908192] . [HKEY_CLASSES_ROOT\clsid\{b9b97401-98e1-4942-930d-c36652dab7f2}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192] "{b9b97401-98e1-4942-930d-c36652dab7f2}"= "c:\program files\TranslatorBar_5\tbTran.dll" [2010-10-18 3908192] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CLASSES_ROOT\clsid\{b9b97401-98e1-4942-930d-c36652dab7f2}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{B9B97401-98E1-4942-930D-C36652DAB7F2}"= "c:\program files\TranslatorBar_5\tbTran.dll" [2010-10-18 3908192] . [HKEY_CLASSES_ROOT\clsid\{b9b97401-98e1-4942-930d-c36652dab7f2}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-10-11 966072] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skytel"="Skytel.exe" [2007-06-15 1826816] "RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2009-1-6 303104] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] VPro530.lnk - c:\windows\VPro530.exe [2008-12-5 155648] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor] 2007-05-31 23:35 326440 ----a-w- c:\acer\Empowering Technology\SysMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder] 2007-05-22 22:49 151552 ----a-w- c:\acer\AcerTour\Reminder.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader] 2007-04-25 23:33 457216 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSLoader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor] 2006-11-03 11:01 319488 ----a-w- c:\windows\Pixart\Pac7302\Monitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing] 2007-06-22 01:33 204908 ----a-w- c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Intelligent Agent] 2008-02-21 17:19 613792 ----a-w- c:\program files\Philips\Intelligent Agent\Philips Intelligent Agent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3] 2006-09-19 09:07 827392 ----a-w- c:\windows\vsnpstd3.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics] 2007-06-11 06:06 901120 ----a-w- c:\program files\Thomson\SpeedTouch USB\DRAGDIAG.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp] 2006-11-06 04:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R4 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - RAPPORTIASO . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 01:51] . 2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 01:51] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.bbc.co.uk/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://en.uk.acer.yahoo.com uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html Trusted Zone: download.com TCP: DhcpNameServer = 192.168.0.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-12 10:37 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Completion time: 2012-11-12 10:39:31 ComboFix-quarantined-files.txt 2012-11-12 10:39 ComboFix2.txt 2012-11-11 10:42 . Pre-Run: 40,043,790,336 bytes free Post-Run: 39,967,236,096 bytes free . - - End Of File - - 51C8297A448856A26C9C2B1F556818A1 Tom

Hi there keep getting a message that ''CFScript.txt'' is incorrectly spelled. Had a problem when I first started, forgot the quote marks corrected it to ''CFScript.txt''.txt Subsequently deleted all and started again but still incorrectly spelled. Tom

Hi Starbuck When running Combo there was no mention of M W Recovery Console. I,ve had a look in -Start Seach- and my machine (windows Vista home premium) only identtifys txt docs under 'microsoft windows recovery console' Should I be visiting the microsoft site for a download?? Tom

Hi Starbuck as requested ComboFix.txt ComboFix 12-11-09.02 - tom 11/11/2012 10:29:37.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2047.903 [GMT 0:00] Running from: c:\users\tom\Desktop\Com-boFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\AMMYY c:\programdata\AMMYY\hr c:\programdata\AMMYY\settings.bin c:\users\tom\AppData\Local\.# c:\users\tom\AppData\Local\.#\MBX@1210@1B31E58.### c:\users\tom\AppData\Local\.#\MBX@1210@1B31F18.### c:\users\tom\AppData\Local\.#\MBX@1210@1B31F38.### c:\users\tom\AppData\Local\.#\MBX@166C@1BD1E58.### c:\users\tom\AppData\Local\.#\MBX@166C@1BD1F18.### c:\users\tom\AppData\Local\.#\MBX@166C@1BD1F38.### c:\users\tom\AppData\Local\.#\MBX@19E0@1961E58.### c:\users\tom\AppData\Local\.#\MBX@19E0@1961F18.### c:\users\tom\AppData\Local\.#\MBX@19E0@1961F38.### . . ((((((((((((((((((((((((( Files Created from 2012-10-11 to 2012-11-11 ))))))))))))))))))))))))))))))) . . 2012-11-05 22:18 . 2012-11-05 22:18 -------- d-----w- c:\program files\ESET 2012-11-04 20:55 . 2012-11-04 20:55 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-04 20:55 . 2012-11-04 20:55 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-02 11:35 . 2012-11-02 11:35 -------- d-----w- c:\users\tom\AppData\Roaming\Malwarebytes 2012-11-02 11:35 . 2012-11-02 11:35 -------- d-----w- c:\programdata\Malwarebytes 2012-11-02 11:35 . 2012-11-02 11:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-11-02 11:35 . 2012-09-29 19:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-02 07:45 . 2012-10-17 01:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4832C1F6-E0B2-4DA8-A596-4CFE6CF7C23A}\mpengine.dll 2012-11-01 00:20 . 2012-09-20 04:35 181344 ----a-w- c:\windows\system32\drivers\ssudmdm.sys 2012-11-01 00:20 . 2012-09-20 04:35 83168 ----a-w- c:\windows\system32\drivers\ssudbus.sys 2012-11-01 00:16 . 2012-11-01 00:16 -------- d-----w- c:\program files\MarkAny 2012-11-01 00:16 . 2012-09-26 20:57 319456 ----a-w- c:\windows\system32\DIFxAPI.dll 2012-11-01 00:16 . 2012-09-26 20:57 821824 ----a-w- c:\windows\system32\dgderapi.dll 2012-11-01 00:16 . 2012-09-26 20:57 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys 2012-10-31 13:42 . 2012-10-31 13:42 -------- d-----w- c:\users\tom\AppData\Local\FixItCenter 2012-10-31 13:33 . 2012-10-31 13:33 -------- d-----w- c:\windows\MATS 2012-10-31 13:33 . 2012-10-31 13:33 -------- d-----w- c:\program files\Microsoft Fix it Center 2012-10-29 22:14 . 2012-10-29 22:14 -------- d-----w- c:\users\tom\AppData\Local\ElevatedDiagnostics 2012-10-29 18:15 . 2012-10-29 18:15 -------- d-----w- c:\program files\MyFree Codec 2012-10-29 18:13 . 2012-10-29 18:13 -------- d-----w- C:\Temp 2012-10-29 17:34 . 2012-10-29 17:34 -------- d-----w- c:\program files\CCleaner 2012-10-29 17:20 . 2012-10-29 22:03 -------- d-----w- c:\users\tom\AppData\Local\LogMeIn Rescue Applet 2012-10-28 16:03 . 2012-10-28 16:03 -------- d-----w- c:\users\tom\AppData\Local\Samsung 2012-10-28 16:03 . 2012-11-01 00:21 -------- d-----w- c:\users\tom\AppData\Roaming\Samsung 2012-10-28 15:58 . 2012-09-26 20:57 4659712 ----a-w- c:\windows\system32\Redemption.dll 2012-10-28 15:56 . 2012-11-01 00:19 -------- d-----w- c:\program files\Samsung 2012-10-28 15:56 . 2012-11-01 00:15 -------- d-----w- c:\programdata\Samsung 2012-10-28 15:48 . 2012-10-28 15:48 -------- d-----w- c:\users\tom\AppData\Local\Downloaded Installations 2012-10-19 09:45 . 2012-10-19 09:45 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-10-19 09:45 . 2012-10-19 09:45 -------- d-----w- c:\program files\Java . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-30 22:51 . 2011-03-15 21:53 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2009-11-13 13:53 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2009-11-13 13:53 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-10-30 22:51 . 2009-11-13 13:52 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2009-11-13 13:52 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51 . 2009-11-13 13:52 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2011-03-15 21:52 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2009-11-13 13:52 227648 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-19 09:45 . 2012-07-02 05:40 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-10-19 09:45 . 2011-05-22 11:43 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-26 20:57 . 2012-09-26 20:57 90112 ----a-w- c:\windows\MAMCityDownload.ocx 2012-09-26 20:57 . 2012-09-26 20:57 330240 ----a-w- c:\windows\MASetupCaller.dll 2012-09-26 20:57 . 2012-09-26 20:57 30568 ----a-w- c:\windows\MusiccityDownload.exe 2012-09-26 20:57 . 2012-09-26 20:57 974848 ----a-w- c:\windows\system32\cis-2.4.dll 2012-09-26 20:57 . 2012-09-26 20:57 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll 2012-09-26 20:57 . 2012-09-26 20:57 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll 2012-09-26 20:57 . 2012-09-26 20:57 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll 2012-09-26 20:57 . 2012-09-26 20:57 57344 ----a-w- c:\windows\system32\MK_Lyric.dll 2012-09-26 20:57 . 2012-09-26 20:57 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll 2012-09-26 20:57 . 2012-09-26 20:57 569344 ----a-w- c:\windows\system32\muzdecode.ax 2012-09-26 20:57 . 2012-09-26 20:57 491520 ----a-w- c:\windows\system32\muzapp.dll 2012-09-26 20:57 . 2012-09-26 20:57 49152 ----a-w- c:\windows\system32\MaJGUILib.dll 2012-09-26 20:57 . 2012-09-26 20:57 45320 ----a-w- c:\windows\system32\MAMACExtract.dll 2012-09-26 20:57 . 2012-09-26 20:57 45056 ----a-w- c:\windows\system32\MaXMLProto.dll 2012-09-26 20:57 . 2012-09-26 20:57 45056 ----a-w- c:\windows\system32\MACXMLProto.dll 2012-09-26 20:57 . 2012-09-26 20:57 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll 2012-09-26 20:57 . 2012-09-26 20:57 352256 ----a-w- c:\windows\system32\MSLUR71.dll 2012-09-26 20:57 . 2012-09-26 20:57 258048 ----a-w- c:\windows\system32\muzoggsp.ax 2012-09-26 20:57 . 2012-09-26 20:57 245760 ----a-w- c:\windows\system32\MSCLib.dll 2012-09-26 20:57 . 2012-09-26 20:57 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe 2012-09-26 20:57 . 2012-09-26 20:57 200704 ----a-w- c:\windows\system32\muzwmts.dll 2012-09-26 20:57 . 2012-09-26 20:57 172032 ----a-w- c:\windows\system32\muzapp.exe 2012-09-26 20:57 . 2012-09-26 20:57 155648 ----a-w- c:\windows\system32\MSFLib.dll 2012-09-26 20:57 . 2012-09-26 20:57 143360 ----a-w- c:\windows\system32\3DAudio.ax 2012-09-26 20:57 . 2012-09-26 20:57 135168 ----a-w- c:\windows\system32\muzaf1.dll 2012-09-26 20:57 . 2012-09-26 20:57 131072 ----a-w- c:\windows\system32\muzmpgsp.ax 2012-09-26 20:57 . 2012-09-26 20:57 122880 ----a-w- c:\windows\system32\muzeffect.ax 2012-09-26 20:57 . 2012-09-26 20:57 118784 ----a-w- c:\windows\system32\MaDRM.dll 2012-09-26 20:57 . 2012-09-26 20:57 110592 ----a-w- c:\windows\system32\muzmp4sp.ax 2012-09-13 13:28 . 2012-10-10 11:15 2048 ----a-w- c:\windows\system32\tzres.dll 2012-08-29 11:27 . 2012-10-10 11:15 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-08-29 11:27 . 2012-10-10 11:15 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-24 15:53 . 2012-10-10 11:15 172544 ----a-w- c:\windows\system32\wintrust.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{b9b97401-98e1-4942-930d-c36652dab7f2}"= "c:\program files\TranslatorBar_5\tbTran.dll" [2010-10-18 3908192] . [HKEY_CLASSES_ROOT\clsid\{b9b97401-98e1-4942-930d-c36652dab7f2}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192] "{b9b97401-98e1-4942-930d-c36652dab7f2}"= "c:\program files\TranslatorBar_5\tbTran.dll" [2010-10-18 3908192] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CLASSES_ROOT\clsid\{b9b97401-98e1-4942-930d-c36652dab7f2}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{B9B97401-98E1-4942-930D-C36652DAB7F2}"= "c:\program files\TranslatorBar_5\tbTran.dll" [2010-10-18 3908192] . [HKEY_CLASSES_ROOT\clsid\{b9b97401-98e1-4942-930d-c36652dab7f2}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-10-11 966072] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skytel"="Skytel.exe" [2007-06-15 1826816] "RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2009-1-6 303104] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] VPro530.lnk - c:\windows\VPro530.exe [2008-12-5 155648] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor] 2007-05-31 23:35 326440 ----a-w- c:\acer\Empowering Technology\SysMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder] 2007-05-22 22:49 151552 ----a-w- c:\acer\AcerTour\Reminder.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader] 2007-04-25 23:33 457216 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSLoader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor] 2006-11-03 11:01 319488 ----a-w- c:\windows\Pixart\Pac7302\Monitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing] 2007-06-22 01:33 204908 ----a-w- c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Intelligent Agent] 2008-02-21 17:19 613792 ----a-w- c:\program files\Philips\Intelligent Agent\Philips Intelligent Agent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3] 2006-09-19 09:07 827392 ----a-w- c:\windows\vsnpstd3.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics] 2007-06-11 06:06 901120 ----a-w- c:\program files\Thomson\SpeedTouch USB\DRAGDIAG.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp] 2006-11-06 04:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R4 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x] . . --- Other Services/Drivers In Memory --- . *Deregistered* - RapportIaso . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 01:51] . 2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 01:51] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.bbc.co.uk/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://en.uk.acer.yahoo.com uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html Trusted Zone: download.com TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS REMOVED - - - - . AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-11 10:39 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2012-11-11 10:42:10 ComboFix-quarantined-files.txt 2012-11-11 10:42 . Pre-Run: 39,765,663,744 bytes free Post-Run: 39,707,385,856 bytes free . - - End Of File - - 65CBF071C51D30809C739B9423EFF02F

see above for log.txt report. during the run some threat report/list was made which started as win 32 but I didn,t look too close as I expected a full txt report. In the event I think some windows stuff was seen as a threat as my windows icon on the toolbar disappeared, however it reappeared after I restarted. The only other Txt type file that i've located is a list of 5 NQF and NDF files but the copy function is greyed out. It does not look as if any threats were identifyed eset quick scan Sounds good. Understood. Not at present but I think I can source one and would be interested. I tried to explain this earlier, selecting explore brings up 5 sub folders with a total of say 12kb compared to 26 MB used in Drive D. Tom

Hi Starbuck When I ran eset it detected Windows Defender which was/is turned off. ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK esets_scanner_update returned -1 esets_gle=53251 During the run it identified 2 threats? in Win 32 Almost 50% of my hard drive is hidden or not active. Is moving the partition very difficult/ dangerous . How do I view drive D? I thought it was good practise to save restore point in a seperate drive? Tom

hi starbuck In prev post I meant that I could not see the used content of drive D on the hard disc. When using the Back up and restore screen it is stated on the screen that backup files will go to D. Earlier today I unticked the box on drive SQservices and left drives C and D ticked. After a file back up C had an addition 4Gb and i think D has added 1Gb How do I view Contents of SQ and D drives, in the longer term I may wih to move the partition? ListParts by Farbar Version: 30-10-2012 Ran by tom (administrator) on 04-11-2012 at 17:02:25 Windows Vista (X86) Running From: C:\Users\tom\Desktop\ListParts.exe Language: 0409 ************************************************************ ========================= Memory info ====================== Percentage of memory in use: 55% Total physical RAM: 2046.83 MB Available physical RAM: 909.18 MB Total Pagefile: 5994.04 MB Available Pagefile: 4163 MB Total Virtual: 2047.88 MB Available Virtual: 1965 MB ======================= Partitions ========================= 1 Drive c: (ACER) (Fixed) (Total:101.86 GB) (Free:47.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 2 Drive d: (DATA) (Fixed) (Total:111.43 GB) (Free:83.96 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 233 GB 10 GB Disk 1 No Media 0 B 0 B Disk 2 No Media 0 B 0 B Disk 3 No Media 0 B 0 B Disk 4 No Media 0 B 0 B Disk 5 No Media 0 B 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 10 GB 32 KB Partition 2 Primary 102 GB 10 GB Partition 3 Primary 111 GB 121 GB ====================================================================================================== Disk: 0 Partition 1 Type : 27 Hidden: Yes Active: No There is no volume associated with this partition. ====================================================================================================== Disk: 0 Partition 2 Type : 06 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C ACER NTFS Partition 102 GB Healthy System (partition with boot components) ====================================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 D DATA NTFS Partition 111 GB Healthy ====================================================================================================== ****** End Of Looking fwd to your reply and thanks in advance. I have another problem with accessing BBc iplayer /flash/long scripts but as my original querie has been solved i'll open another thread. tom

2nd log 2012/11/02 11:35:53 GMT TOM-PC tom MESSAGE Starting protection 2012/11/02 11:35:53 GMT TOM-PC tom MESSAGE Protection started successfully 2012/11/02 11:35:53 GMT TOM-PC tom MESSAGE Starting IP protection 2012/11/02 11:35:58 GMT TOM-PC tom MESSAGE IP Protection started successfully 2012/11/02 11:36:09 GMT TOM-PC tom MESSAGE Starting database refresh 2012/11/02 11:36:09 GMT TOM-PC tom MESSAGE Stopping IP protection 2012/11/02 11:36:09 GMT TOM-PC tom MESSAGE IP Protection stopped successfully 2012/11/02 11:36:12 GMT TOM-PC tom MESSAGE Database refreshed successfully 2012/11/02 11:36:12 GMT TOM-PC tom MESSAGE Starting IP protection 2012/11/02 11:36:17 GMT TOM-PC tom MESSAGE IP Protection started successfully 2012/11/02 11:42:28 GMT TOM-PC tom MESSAGE Executing scheduled update: Daily 2012/11/02 11:42:30 GMT TOM-PC tom MESSAGE Database already up-to-date 2012/11/02 12:31:51 GMT TOM-PC tom MESSAGE Starting protection 2012/11/02 12:31:51 GMT TOM-PC tom MESSAGE Protection started successfully 2012/11/02 12:31:51 GMT TOM-PC tom MESSAGE Starting IP protection 2012/11/02 12:31:54 GMT TOM-PC tom MESSAGE IP Protection started successfully 2012/11/02 19:51:59 GMT TOM-PC tom MESSAGE Starting protection 2012/11/02 19:51:59 GMT TOM-PC tom MESSAGE Protection started successfully 2012/11/02 19:51:59 GMT TOM-PC tom MESSAGE Starting IP protection 2012/11/02 19:52:06 GMT TOM-PC tom MESSAGE IP Protection started successfully 2012/11/02 19:58:39 GMT TOM-PC tom MESSAGE Starting protection 2012/11/02 19:58:39 GMT TOM-PC tom MESSAGE Protection started successfully 2012/11/02 19:58:39 GMT TOM-PC tom MESSAGE Starting IP protection 2012/11/02 19:58:48 GMT TOM-PC tom MESSAGE IP Protection started successfully