
borojamie

Members
  • Posts: 101
About borojamie

  • Birthday 12/9/1978

Personal Information

  • Occupation
    RAF
  • Real Name
    Jamie

Tech Info

  • Experience
    some_experience
  • System: windows_xp


  1. Mine was chilled although Sunday was messy - Derby day always going to be :) Eset came back completely clean. Nothing found, searched 92633 files. I haven't had a problem with sound or noticed firewalls been taken off since early last week, following a reboot (on separate occasions) they both worked fine immediately afterwards. Cheers, Jamie
  2. Hi Starbuck, Hope you had a good weekend. Doh!! lol Yeah it was tiny footprint I've never come across that before. Unfortunately when I ended the processes it also froze my computer so I have removed malware for now. OTL has now ran. Thanks again for your help mate
  3. I've stopped mbam via exiting on my task bar but unfortunately my task manager is only showing the task box with end task, switch to and new task open; the menus and tabs to check processes isn't there either :S I've rechecked the spreadsheet I emailed and there are no embedded formula, a few autosums but nothing more complex. Thanks, Jamie
  4. Hi Starbuck, Thanks once again for being able to help me, yea last time we spoke was a couple of years ago, congratulations sort of on Swansea taking our place in the Premiership :) hopefully we'll be back soon. Unfortunately I have tried the OTL fix but it keeps freezing OTL and becoming non responsive. I've turned all virus software off and eset has worked, not finding anything suspicious. I've attached the report as requested. Bizarrely my phone has gone totally bonkers acting very erratic so think that might have been the source. Now I have removed bit torrent malware has stopped blocking IP addresses. It is a good phone although the 128mb of ram is taken up by use of the phone which only leaves another 128 for applications :S unless that's mine lol Thanks again bud
  5. extras.otl OTL Extras logfile created on: 25/01/2012 22:04:03 - Run 1 OTL by OldTimer - Version 3.2.31.0
  6. OTL logfile created on: 25/01/2012 22:04:03 - Run 1 OTL by OldTimer - Version 3.2.31.0
O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe (Acer) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [bitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED File not found O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Search - Reg Error: Value error. 
File not found O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com File not found O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1292188284078 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292188256671 (MUWebControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EC833B5-0396-489D-A553-C5CB9D17E4F3}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/08/18 22:41:54 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2008/03/06 07:39:16 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ] O32 - AutoRun File - [2008/01/25 20:10:40 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O32 - AutoRun File - [2008/03/06 06:42:11 | 000,165,136 | R--- | M] (Electronic Arts Inc.) - E:\autorun.exe -- [ UDF ] O33 - MountPoints2\{8f127b4a-f958-11e0-a2a0-000000000000}\Shell - "" = AutoRun O33 - MountPoints2\{8f127b4a-f958-11e0-a2a0-000000000000}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{8f127b4a-f958-11e0-a2a0-000000000000}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{9d38f5d0-0649-11e0-a188-0016d45e26a8}\Shell - "" = AutoRun O33 - MountPoints2\{9d38f5d0-0649-11e0-a188-0016d45e26a8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9d38f5d0-0649-11e0-a188-0016d45e26a8}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== 
Files/Folders - Created Within 30 Days ========== [2012/01/25 22:01:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jamie\Desktop\OTL.scr [2012/01/13 19:13:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/01/13 16:17:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jamie\Local Settings\Application Data\PCHealth [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/01/25 22:21:30 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job [2012/01/25 22:01:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jamie\Desktop\OTL.scr [2012/01/25 21:45:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2012/01/25 21:42:12 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini [2012/01/25 21:41:16 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012/01/25 21:40:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/01/25 21:40:38 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys [2012/01/25 21:39:14 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat [2012/01/19 20:14:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/01/17 17:04:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/01/13 20:27:44 | 000,104,960 | ---- | M] () -- C:\Documents and Settings\Jamie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/01/11 23:36:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/01/11 23:31:12 | 000,446,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/01/11 23:31:12 | 000,073,400 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/01/09 21:45:28 | 000,132,824 | ---- | M] () -- C:\Documents and Settings\Jamie\Desktop\405488_10150584471142619_523917618_11138267_606258018_n.jpg [2012/01/04 12:20:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job 
[2012/01/04 09:26:22 | 000,236,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/01/18 00:22:19 | 000,285,488 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2012/01/15 12:00:56 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2012/01/13 20:36:13 | 000,117,689 | ---- | C] () -- C:\Documents and Settings\Jamie\Desktop\CIMG1598.JPG [2012/01/09 22:12:16 | 000,132,824 | ---- | C] () -- C:\Documents and Settings\Jamie\Desktop\405488_10150584471142619_523917618_11138267_606258018_n.jpg [2011/10/31 11:22:42 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2011/10/31 11:22:40 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2011/10/31 11:22:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011/10/31 11:22:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2011/10/31 11:22:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2011/08/01 12:06:15 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini [2011/06/23 07:32:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/06/08 20:54:25 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011/02/23 17:14:36 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ra3.ini [2011/01/27 21:01:04 | 000,000,980 | ---- | C] () -- C:\WINDOWS\eReg.dat [2011/01/07 19:47:15 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2011/01/07 19:47:15 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2011/01/07 19:47:15 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2010/12/22 14:28:40 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\Jamie\Local 
Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/12/22 13:24:09 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010/12/22 13:24:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010/12/22 13:24:08 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010/12/22 13:24:08 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010/12/22 13:24:07 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010/12/14 16:50:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010/12/12 23:21:04 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin [2010/12/12 23:21:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll [2010/12/12 23:21:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll [2010/12/12 23:21:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll [2010/12/12 23:21:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll [2010/12/12 23:21:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll [2010/12/12 23:19:59 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini [2010/12/12 23:16:49 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2010/12/12 23:11:47 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Jamie\Local Settings\Application Data\fusioncache.dat [2010/12/12 16:03:56 | 001,154,584 | ---- | C] () -- C:\WINDOWS\YTB.EXE [2010/12/12 16:03:56 | 000,261,627 | ---- | C] () -- C:\WINDOWS\EMEAWG.EXE [2006/08/19 08:21:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006/08/19 08:21:36 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat [2006/08/19 08:21:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/08/19 08:04:44 | 000,446,360 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006/08/19 08:04:44 | 000,073,400 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006/08/19 08:00:04 | 000,315,560 | ---- | C] () -- 
C:\WINDOWS\System32\FNTCACHE.DAT [2006/08/18 22:42:20 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll [2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll [2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll [2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll [2006/08/18 21:54:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006/08/18 21:50:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006/06/23 10:40:58 | 002,400,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys [2006/06/23 10:40:58 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys [2006/06/19 11:59:24 | 000,013,227 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2006/06/16 19:17:32 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll [2006/06/12 16:11:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006/06/12 16:11:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2006/06/12 16:11:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006/06/12 16:11:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2006/06/12 16:11:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006/06/12 16:11:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006/06/12 16:11:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2006/06/12 16:11:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2006/06/12 16:11:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2005/12/14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini [2005/10/31 18:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2005/10/26 14:59:46 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005/08/05 14:01:54 | 
000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/07/15 16:48:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2005/05/02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys [2005/03/28 15:45:26 | 000,000,081 | ---- | C] () -- C:\WINDOWS\ALaunch.ini [2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys [2004/08/10 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/10 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/10 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/10 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/10 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/10 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/10 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2004/08/10 20:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/08/10 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2003/12/29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/05/24 16:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe [2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001/08/26 17:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001/08/26 17:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll [1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- 
C:\WINDOWS\System32\indounin.dll [1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll ========== LOP Check ========== [2006/08/18 22:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer [2010/12/22 13:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/11/23 22:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung [2006/08/18 22:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie\Application Data\Acer [2010/12/12 23:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie\Application Data\InternetEverywhere [2010/12/13 18:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie\Application Data\Command & Conquer 3 Kane's Wrath [2011/02/16 20:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie\Application Data\Red Alert 3 [2011/09/16 21:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie\Application Data\Command & Conquer 3 Tiberium Wars [2011/09/25 20:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie\Application Data\PriceGong [2011/11/23 22:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie\Application Data\Samsung [2011/11/24 00:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie\Application Data\Temp [2012/01/25 22:21:30 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job [2012/01/25 21:45:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2010/12/13 01:06:28 | 000,250,048 | RHS- | M] () -- C:\ntldr [2004/08/10 20:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010/12/12 23:10:38 | 000,000,209 | RHS- | M] () -- C:\boot.ini [2006/08/18 21:54:18 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2006/08/18 22:41:54 | 000,000,050 | 
---- | M] () -- C:\AUTOEXEC.BAT [2006/08/18 21:54:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2006/08/18 21:54:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2006/08/18 22:31:32 | 000,000,519 | ---- | M] () -- C:\RHDSetup.log [2006/08/19 08:27:58 | 000,000,084 | RHS- | M] () -- C:\Preload.aaa [1999/11/11 00:17:54 | 000,000,049 | ---- | M] () -- C:\MCE.TAG [2012/01/25 21:40:38 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys [2012/01/25 21:40:38 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll [2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > [2006/08/18 21:39:44 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav [2006/08/18 21:39:44 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2006/08/18 21:39:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav < %PROGRAMFILES%\* > < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:18 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:18 | 000,174,080 | ---- | M] (Microsoft Corporation) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:18 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:18 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:18 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:18 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < End of report >
  7. Hi, Thank you for all your help in the past, please could I have some more advice. I think I may have some gremlins attempting to disrupt my system. I have continually used Malwarebytes MBAM as a virus checker along with Microsoft Essentials and Windows Defender, however recently (possibly due to downloading Samsung Galaxy S software or BitTorrent) my sound drivers randomly disappear and I lose sound, or my firewall disappears, and eventually my internet access, even on Facebook and Hotmail, gets slower and slower over a couple of hours until it freezes and I have to manually reboot. I have done 100% file checks through all three programmes and nothing shows as a potential threat or removed objects. The only other indication, prior to removing BitTorrent, was that Malwarebytes continually blocked four outgoing websites (IP addresses below), but no further information was obtained. 67.215.246.204 77.247.181.165 89.28.15.247 77.78.224.182 When I forwarded an Excel document to my work PC via Hotmail, it was blocked by our intense firewall as having active objects included. As Malware is not picking anything up I am unsure what else I could try. Please can I have some help? My OTL files are attached below but I haven't attached malware as it shows no objects found. Thanks again for all your help Jamie
  8. Hi Starbuck, Sorry I haven't been in touch, I have lost all internet from BT now and am waiting for Sky to be installed. I am only logged in as myself but have the same access rights as administrator (it always used to work in my login). I haven't got much on my laptop and as we know it's clean I could always reset factory settings. All media/photos/office files are backed up on my external HD so I would just need to reinstall a few progs, Office, iTunes, etc. Thanks for your help and sorry I wasn't able to contact you. Jamie
  9. Yeah mate, clicking on the Control Panel icon then the power settings icon - egg timer pops up then nothing. All other Control Panel icons work properly though.
  10. Hi Starbuck, I was downloading it straight from the hotmail.com website link to Windows Live. When I try to use your link it tells me that I already have those programmes. I'll try and remove/re-install if you think it may help. Thanks, sorry about me dual posting lol. That is the settings I prefer, however I cannot get any response at all when I click on the Power Options icon. :-( Thanks for your help Jamie
  11. Hi Starbuck, I have also noticed my power settings have changed, as my screen shuts down after about 5 minutes and my computer goes to hibernate after 10 more. When I click on Control Panel > Power Options nothing happens, so I am not sure if this needs to also be restored. Thanks Jamie
  12. Thanks Starbuck, Disturbingly BT estimate me getting 15mb broadband, however the clocks all test 2-300kbps!!! I have tried at different times inc 4am and no better service :S I've also tried ethernet cable or wireless. I reloaded Messenger and unfortunately now it has stopped working. However everything else is running perfectly. I've tried tweaking my Internet Options security settings but with no luck, including resetting to default. Not even setting everything to medium or low. At this moment I have no firewall or virus checker installed/on so can't understand what is stopping it from working. Jamie
  13. Hi Starbuck, Thanks, yes, smooth transitions, and it's stopped freezing (no response) programmes. I have some pretty intense spreadsheets and they are now looking up/macros smoothly as opposed to previous niggly stop/start. Thanks for the options for virus checkers, I always thought McAfee was the fastest but didn't think of other alternatives to NOD/Norton. The last question I was going to ask is do you know any good programmes/websites to benchmark my broadband speed? This also appears slower than I would have imagined now I live very close to the exchange and not a million miles away on a RAF base lol
  14. Hi Starbuck thank you I've ran OTL and the text is below:
  15. Hi Starbuck, Thanks, I can always reinstall Messenger once I know everything is ok. Thanks for looking through some exe files that don't look affiliated to Windows. I don't have loads of programmes on my laptop and probably need less in start up - I'm happy to manually load them as and when I need. Not too sure about McAfee, I'm open to suggestions. I've avoided Norton because it has always crippled my running speed, and tried NOD but that only quarantined files, wouldn't actually remove a trojan, whereas McAfee hasn't given me too many problems and blocked and cleaned quite a few. I had AVG at one point when it was free. What do you think would be best? Is it worth registering MBAM, does it give round the clock protection or do I still have to run as and when required? Thanks for your time Jamie