borojamie

Members

View Profile See their activity

Posts
101
Joined
December 9, 2009
Last visited
January 31, 2012

Content Type

All Activity

Profiles

Forums

Topics
Posts

Blogs

Events

Resources

Videos

Link Directory

Downloads

Everything posted by borojamie

Strange Occurrances

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

Mine was chilled although Sunday was messy - Derby day always going to be :) Eset came back completely clean. Nothing found, searched 92633 files. I haven't had a problem with sound or noticed firewalls been taken off since early last week, following a reboot (on seperate occasions) they both worked fine immediately afterwards, Cheers Jamie
- January 31, 2012
- 11 replies
Strange Occurrances

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

Hi Starbuck, Hope you had a good weekend. Doh!! lol Yeah it was tiny footprint I've never come across that before. Unfortunately when I ended the processes it also froze my computer so I have removed malware for now. OTL has now ran. Thanks again for your help mate All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ deleted successfully. File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08E730A4-FB02-45BD-A900-01E4AD8016F6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08E730A4-FB02-45BD-A900-01E4AD8016F6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f127b4a-f958-11e0-a2a0-000000000000}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f127b4a-f958-11e0-a2a0-000000000000}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f127b4a-f958-11e0-a2a0-000000000000}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f127b4a-f958-11e0-a2a0-000000000000}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f127b4a-f958-11e0-a2a0-000000000000}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f127b4a-f958-11e0-a2a0-000000000000}\ not found. File F:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d38f5d0-0649-11e0-a188-0016d45e26a8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d38f5d0-0649-11e0-a188-0016d45e26a8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d38f5d0-0649-11e0-a188-0016d45e26a8}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d38f5d0-0649-11e0-a188-0016d45e26a8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d38f5d0-0649-11e0-a188-0016d45e26a8}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d38f5d0-0649-11e0-a188-0016d45e26a8}\ not found. File F:\.\Setup.exe AUTORUN=1 not found. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\Jamie\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\Jamie\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Default User ->Temp folder emptied: 507904 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 56502 bytes User: All Users User: NetworkService ->Temp folder emptied: 329750 bytes ->Temporary Internet Files folder emptied: 2319629 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Administrator ->Temp folder emptied: 507904 bytes ->Temporary Internet Files folder emptied: 32768 bytes User: Jamie ->Temp folder emptied: 78740093 bytes ->Temporary Internet Files folder emptied: 515050670 bytes ->Flash cache emptied: 1256 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 282624 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 500469572 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 68009608 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 65990 bytes RecycleBin emptied: 81665227 bytes Total Files Cleaned = 1,190.00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.31.0 log created on 01302012_190809 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\Jamie\Local Settings\Temp\~DFCC30.tmp not found! File\Folder C:\Documents and Settings\Jamie\Local Settings\Temp\~DFCC39.tmp not found! File\Folder C:\Documents and Settings\Jamie\Local Settings\Temp\~DFCCC6.tmp not found! File\Folder C:\Documents and Settings\Jamie\Local Settings\Temp\~DFCCE5.tmp not found! File\Folder C:\Documents and Settings\Jamie\Local Settings\Temp\~DFCDE6.tmp not found! File\Folder C:\Documents and Settings\Jamie\Local Settings\Temp\~DFCE22.tmp not found! C:\Documents and Settings\Jamie\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. C:\Documents and Settings\Jamie\Local Settings\Temporary Internet Files\Content.IE5\5OGQNIJ8\ads[1].htm moved successfully. C:\Documents and Settings\Jamie\Local Settings\Temporary Internet Files\Content.IE5\7XZ2XSKS\13028-Strange-Occurrances[1].htm moved successfully. C:\Documents and Settings\Jamie\Local Settings\Temporary Internet Files\Content.IE5\7XZ2XSKS\ads[2].htm moved successfully. C:\Documents and Settings\Jamie\Local Settings\Temporary Internet Files\Content.IE5\KT3FP0R2\si[1].htm moved successfully. C:\Documents and Settings\Jamie\Local Settings\Temporary Internet Files\Content.IE5\0Q30FKEM\si[2].htm moved successfully. C:\WINDOWS\temp\MpCmdRun.log moved successfully. Registry entries deleted on Reboot...
- January 30, 2012
- 11 replies
Strange Occurrances

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

ive stopped mbam via exiting on my task bar but unfortunately my task manager is only showing the task box with end task switch too and new task open the menus and tabs to check processes isnt there either :S Ive rechecked the spreadsheet i emailed and there are no embedded formula, a few autosums but nothing more complex Thanks Jamie
- January 27, 2012
- 11 replies
Strange Occurrances

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

Hi Starbuck, Thanks once again for being able to help me, yea last time we spoke was a couple of years ago, congratulations sort of on Swansea taking our place in the Premiership :) hopefully we'll be back soon. Unfortunately I have tried the OTL fix but it keeps freezing OTL and becoming non responsive. Ive turned all virus software off and eset has worked not finding anything suspicious ive attached the report as requested Bizzarely my phone has gone totally bonkers acting very erratic so think that might of been the source. Now I have removed bit torrent malware has stopped blocking IP addresses. It is a good phone although the 128mb of ram is taken up by use of the phone which only leaves another 128 for applications :S unless thats mine lol Thanks again bud ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=157065971dafcc448653cc1478fb245e # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-01-27 08:58:39 # local_time=2012-01-27 08:58:39 (+0000, GMT Standard Time) # country="United Kingdom" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=6143 16777215 0 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 3740 3740 0 0 # scanned=94994 # found=0 # cleaned=0 # scan_time=2950
- January 27, 2012
- 11 replies
Strange Occurrances

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

extras.otl OTL Extras logfile created on: 25/01/2012 22:04:03 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jamie\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1022.04 Mb Total Physical Memory | 435.35 Mb Available Physical Memory | 42.60% Memory free 2.40 Gb Paging File | 1.87 Gb Available in Paging File | 78.02% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 53.20 Gb Total Space | 15.55 Gb Free Space | 29.23% Space Free | Partition Type: FAT32 Drive D: | 53.69 Gb Total Space | 6.91 Gb Free Space | 12.87% Space Free | Partition Type: FAT32 Drive E: | 7.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: FBP | User Name: Jamie | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS\System32\muzapp.exe" = C:\WINDOWS\System32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4DA416AE-6D1C-40D6-BCA3-A65A59DD60FC}" = Acer eDataSecurity Management "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5BBD0D3F-E4B2-4EE4-806A-07A95D4E2683}" = Sky Broadband Browser Branding "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1 "{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}" = Acer OrbiCam Software "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2) "{B06B842F-2450-494F-BBDE-217CDC151A37}" = NTI Backup NOW! 4.5 "{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3 "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver "{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management "{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management "{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.26 "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "AcerOrbiCamDrv" = Acer OrbiCam Driver "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025007F" = HDAUDIO Soft Data Fax Modem with SmartCP "ePresentation" = Acer ePresentation Management "GridVista" = Acer GridVista "ie8" = Windows Internet Explorer 8 "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework "InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management "InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management "InternetEverywhere" = Internet Everywhere "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.6.6 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Client" = Microsoft Security Essentials "NVIDIA Drivers" = NVIDIA Drivers "OpenTTD" = OpenTTD 0.4.7.0 "ProInst" = Intel® PROSet/Wireless Software "Shockwave" = Shockwave "SynTPDeinstKey" = Synaptics Pointing Device Driver "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 07/01/2012 21:07:52 | Computer Name = FBP | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 08/01/2012 09:08:11 | Computer Name = FBP | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x000153c4. Error - 08/01/2012 09:15:14 | Computer Name = FBP | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x001b3860. Error - 10/01/2012 20:15:39 | Computer Name = FBP | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 10/01/2012 20:15:39 | Computer Name = FBP | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 10/01/2012 20:15:40 | Computer Name = FBP | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 10/01/2012 20:15:41 | Computer Name = FBP | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 10/01/2012 20:15:41 | Computer Name = FBP | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 13/01/2012 12:17:27 | Computer Name = FBP | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL. Error - 13/01/2012 13:58:22 | Computer Name = FBP | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. [ System Events ] Error - 23/01/2012 15:10:24 | Computer Name = FBP | Source = WPDMTPDriver | ID = 80836 Description = MTP WPD Driver has failed to start. Error 0x80070005. Error - 24/01/2012 15:46:16 | Computer Name = FBP | Source = WPDMTPDriver | ID = 80836 Description = MTP WPD Driver has failed to start. Error 0x80070005. Error - 24/01/2012 15:52:18 | Computer Name = FBP | Source = WPDMTPDriver | ID = 80836 Description = MTP WPD Driver has failed to start. Error 0x80070005. Error - 25/01/2012 16:57:41 | Computer Name = FBP | Source = WPDMTPDriver | ID = 80836 Description = MTP WPD Driver has failed to start. Error 0x80070005. < End of report >
- January 25, 2012
- 11 replies
Strange Occurrances

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

OTL logfile created on: 25/01/2012 22:04:03 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jamie\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1022.04 Mb Total Physical Memory | 435.35 Mb Available Physical Memory | 42.60% Memory free 2.40 Gb Paging File | 1.87 Gb Available in Paging File | 78.02% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 53.20 Gb Total Space | 15.55 Gb Free Space | 29.23% Space Free | Partition Type: FAT32 Drive D: | 53.69 Gb Total Space | 6.91 Gb Free Space | 12.87% Space Free | Partition Type: FAT32 Drive E: | 7.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: FBP | User Name: Jamie | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Jamie\Desktop\OTL.scr (OldTimer Tools) PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Documents and Settings\Jamie\Local Settings\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated) PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files\Acer\OrbiCam\CameraAssistant.exe (Acer) PRC - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech) PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech) PRC - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) PRC - C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.) PRC - C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.) PRC - C:\WINDOWS\system32\ElkCtrl.exe (Logitech Inc.) ========== Modules (No Company Name) ========== MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_142e661d\mscorlib.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_17efd529\system.drawing.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_d4c8cfb2\system.windows.forms.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_0861253a\system.dll () MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll () MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll () MOD - C:\Documents and Settings\Jamie\Local Settings\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll () MOD - C:\WINDOWS\system32\quartz.dll () MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll () MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll () MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll () MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll () MOD - C:\WINDOWS\system32\sbe.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll () MOD - C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\WINDOWS\system32\devenum.dll () MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll () MOD - C:\WINDOWS\system32\nvshell.dll () MOD - C:\Acer\Empowering Technology\ePower\DialogDLL.dll () MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll () MOD - C:\WINDOWS\system32\MSNChatHook.dll () MOD - C:\Program Files\Intel\Wireless\Bin\Libeay32.dll () MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll () MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll () MOD - C:\Acer\Empowering Technology\NetMonitor.dll () MOD - C:\Acer\Empowering Technology\ServiceControl.dll () MOD - C:\Program Files\Launch Manager\PowerUtl.dll () ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- File not found SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) SRV - (LVPrcSrv) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech) SRV - (AWService) -- C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.) ========== Driver Services (SafeList) ========== DRV - (MpKsl6d78a406) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6180712C-E61C-494F-A4CA-E0E5D983BD3E}\MpKsl6d78a406.sys (Microsoft Corporation) DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation) DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation) DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.) DRV - (lvmvdrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys () DRV - (LVPrcMon) -- C:\WINDOWS\system32\drivers\LVPrcMon.sys () DRV - (lv321av) Logitech USB PC Camera (VC0321) -- C:\WINDOWS\system32\drivers\lv321av.sys (Logitech) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech) DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.) DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.) DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.) DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies) DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA) DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMSC) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies) DRV - (NdisFilt) -- C:\WINDOWS\system32\drivers\NdisFilt.sys (OSA Technologies) DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company) DRV - (NETMNT) -- C:\WINDOWS\system32\drivers\NETMNT.sys () DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows ® 2000 DDK provider) DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2010/12/12 23:36:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin O1 HOSTS File: ([2004/08/10 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan) O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated) O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe (Acer) O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe (Acer) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [bitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED File not found O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Search - Reg Error: Value error. File not found O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com File not found O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1292188284078 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292188256671 (MUWebControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EC833B5-0396-489D-A553-C5CB9D17E4F3}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/08/18 22:41:54 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2008/03/06 07:39:16 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ] O32 - AutoRun File - [2008/01/25 20:10:40 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O32 - AutoRun File - [2008/03/06 06:42:11 | 000,165,136 | R--- | M] (Electronic Arts Inc.) - E:\autorun.exe -- [ UDF ] O33 - MountPoints2\{8f127b4a-f958-11e0-a2a0-000000000000}\Shell - "" = AutoRun O33 - MountPoints2\{8f127b4a-f958-11e0-a2a0-000000000000}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{8f127b4a-f958-11e0-a2a0-000000000000}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{9d38f5d0-0649-11e0-a188-0016d45e26a8}\Shell - "" = AutoRun O33 - MountPoints2\{9d38f5d0-0649-11e0-a188-0016d45e26a8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9d38f5d0-0649-11e0-a188-0016d45e26a8}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/01/25 22:01:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jamie\Desktop\OTL.scr [2012/01/13 19:13:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/01/13 16:17:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jamie\Local Settings\Application Data\PCHealth [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/01/25 22:21:30 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job [2012/01/25 22:01:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jamie\Desktop\OTL.scr [2012/01/25 21:45:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2012/01/25 21:42:12 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini [2012/01/25 21:41:16 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012/01/25 21:40:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/01/25 21:40:38 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys [2012/01/25 21:39:14 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat [2012/01/19 20:14:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/01/17 17:04:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/01/13 20:27:44 | 000,104,960 | ---- | M] () -- C:\Documents and Settings\Jamie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/01/11 23:36:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/01/11 23:31:12 | 000,446,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/01/11 23:31:12 | 000,073,400 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/01/09 21:45:28 | 000,132,824 | ---- | M] () -- C:\Documents and Settings\Jamie\Desktop\405488_10150584471142619_523917618_11138267_606258018_n.jpg [2012/01/04 12:20:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012/01/04 09:26:22 | 000,236,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/01/18 00:22:19 | 000,285,488 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2012/01/15 12:00:56 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2012/01/13 20:36:13 | 000,117,689 | ---- | C] () -- C:\Documents and Settings\Jamie\Desktop\CIMG1598.JPG [2012/01/09 22:12:16 | 000,132,824 | ---- | C] () -- C:\Documents and Settings\Jamie\Desktop\405488_10150584471142619_523917618_11138267_606258018_n.jpg [2011/10/31 11:22:42 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2011/10/31 11:22:40 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2011/10/31 11:22:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011/10/31 11:22:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2011/10/31 11:22:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2011/08/01 12:06:15 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini [2011/06/23 07:32:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/06/08 20:54:25 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011/02/23 17:14:36 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ra3.ini [2011/01/27 21:01:04 | 000,000,980 | ---- | C] () -- C:\WINDOWS\eReg.dat [2011/01/07 19:47:15 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2011/01/07 19:47:15 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2011/01/07 19:47:15 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2010/12/22 14:28:40 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\Jamie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/12/22 13:24:09 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010/12/22 13:24:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010/12/22 13:24:08 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010/12/22 13:24:08 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010/12/22 13:24:07 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010/12/14 16:50:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010/12/12 23:21:04 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin [2010/12/12 23:21:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll [2010/12/12 23:21:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll [2010/12/12 23:21:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll [2010/12/12 23:21:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll [2010/12/12 23:21:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll [2010/12/12 23:19:59 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini [2010/12/12 23:16:49 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2010/12/12 23:11:47 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Jamie\Local Settings\Application Data\fusioncache.dat [2010/12/12 16:03:56 | 001,154,584 | ---- | C] () -- C:\WINDOWS\YTB.EXE [2010/12/12 16:03:56 | 000,261,627 | ---- | C] () -- C:\WINDOWS\EMEAWG.EXE [2006/08/19 08:21:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006/08/19 08:21:36 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat [2006/08/19 08:21:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/08/19 08:04:44 | 000,446,360 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006/08/19 08:04:44 | 000,073,400 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006/08/19 08:00:04 | 000,315,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2006/08/18 22:42:20 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll [2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll [2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll [2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll [2006/08/18 21:54:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006/08/18 21:50:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006/06/23 10:40:58 | 002,400,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys [2006/06/23 10:40:58 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys [2006/06/19 11:59:24 | 000,013,227 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2006/06/16 19:17:32 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll [2006/06/12 16:11:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006/06/12 16:11:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2006/06/12 16:11:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006/06/12 16:11:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2006/06/12 16:11:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006/06/12 16:11:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006/06/12 16:11:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2006/06/12 16:11:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2006/06/12 16:11:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2005/12/14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini [2005/10/31 18:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2005/10/26 14:59:46 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/07/15 16:48:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2005/05/02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys [2005/03/28 15:45:26 | 000,000,081 | ---- | C] () -- C:\WINDOWS\ALaunch.ini [2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys [2004/08/10 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/10 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/10 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/10 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/10 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/10 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/10 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2004/08/10 20:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/08/10 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2003/12/29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/05/24 16:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe [2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001/08/26 17:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001/08/26 17:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll [1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll [1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll ========== LOP Check ========== [2006/08/18 22:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer [2010/12/22 13:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/11/23 22:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung [2006/08/18 22:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie\Application Data\Acer [2010/12/12 23:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie\Application Data\InternetEverywhere [2010/12/13 18:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie\Application Data\Command & Conquer 3 Kane's Wrath [2011/02/16 20:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie\Application Data\Red Alert 3 [2011/09/16 21:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie\Application Data\Command & Conquer 3 Tiberium Wars [2011/09/25 20:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie\Application Data\PriceGong [2011/11/23 22:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie\Application Data\Samsung [2011/11/24 00:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie\Application Data\Temp [2012/01/25 22:21:30 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job [2012/01/25 21:45:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2010/12/13 01:06:28 | 000,250,048 | RHS- | M] () -- C:\ntldr [2004/08/10 20:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010/12/12 23:10:38 | 000,000,209 | RHS- | M] () -- C:\boot.ini [2006/08/18 21:54:18 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2006/08/18 22:41:54 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT [2006/08/18 21:54:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2006/08/18 21:54:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2006/08/18 22:31:32 | 000,000,519 | ---- | M] () -- C:\RHDSetup.log [2006/08/19 08:27:58 | 000,000,084 | RHS- | M] () -- C:\Preload.aaa [1999/11/11 00:17:54 | 000,000,049 | ---- | M] () -- C:\MCE.TAG [2012/01/25 21:40:38 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys [2012/01/25 21:40:38 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll [2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > [2006/08/18 21:39:44 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav [2006/08/18 21:39:44 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2006/08/18 21:39:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav < %PROGRAMFILES%\* > < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:18 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:18 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:18 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:18 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:18 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:18 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < End of report >
- January 25, 2012
- 11 replies
Strange Occurrances

borojamie posted a topic in Tech Support & Discussions Forum

Hi, Thank yuo for all your help in the past, please could i have some more advice. I think I may have some gremlins attempting to disrupt my system. I have continually used Malwarebytes MBAM as a visur checker along with microsoft essentials and windows defender however recently (possibly due to downloading samsung galaxy S software or bit torrent). Randomly my sound drivers disappear and i lose sound. or my firewall disappears and eventually my internet access even on facebook and hotmail gets slower and slower over a couple of hours until it freezes and i have to manually reboot. I have done 100% file checks through all three programmes and nothing shows as potential threat or removed objects. The only other indication, prior to removing bit torret was that malwarebytes continually blocked four outgoing websites, (IP addresses below) but no further information obtained. 67.215.246.204 77.247.181.165 89.28.15.247 77.78.224.182 When I forwarded an excel document to my work pc via hotmail. It was blocked by our intense firewall as having active objects included. As Malware is not picking anything up I am unsure what else I could try please can I have some help my OTL files are attached below but haven't attached malware as it shows no objects found. Thanks again for all your help Jamie
- January 25, 2012
- 11 replies
Gremlins

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

Hi Starbuck, Sorry I havent been in touch i have lost all internet from bt now and waiting for sky to be installed. I am only logged in as myself but have the same access rights as administrator (it always used to work in my login) I havent got much on my laptop and as we know its clean i could always reset factory settings all media/photos/office files are backed up on my external hd so would just need to reinstall a few progs, office, itues, etc Thanks for your help and sorry i wasnt able to contact you. Jamie
- October 15, 2010
- 45 replies
Gremlins

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

yea mate, clicking on the control panel icon then the power settings icon - eggtimer pops up then nothing. All other control panel icons work properly tho
- October 7, 2010
- 45 replies
Gremlins

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

Hi Starbuck, I was downloading it straight from the hotmail.com wbsite link to windows live when i try to use your link it tells me that i already have those programmes ill try and remover/re-install if you think it may help. Thanks sorry about me dual posting lol That is the settings i prefer however I cannot get any response at all when i click on the power options icon. :-( Thanks for your help Jamie
- October 7, 2010
- 45 replies
Gremlins

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

Hi Starbuck, I have also noticed my power settings have changed as my screen shuts down after about 5 minutes and my comupter goes to hibernate after 10 more. When I click on control panel > Power Options nothing happens so I am not sure if this needs to also be restored Thanks Jamie
- October 7, 2010
- 45 replies
Gremlins

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

Thanks starbuck, Disturbingly BT estimate me getting 15mb broadband however the clocks all test 2-300kbps!!! I have tried at different times inc 4am and no better service :S Ive also tried ethernet cable or wireless. I reloaded messenger and unfortunatley now it has stopped working. However everything else is running perfectly. Ive tried tweaking my Internet Options security settings but with no luck including resetting to default. Not even setting everything to medium or low. At this moment I have no firewall or virus checker installed/on so cant understand what is stopping it from working. Jamie
- October 7, 2010
- 45 replies
Gremlins

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

Hi Starbuck, Thanks yes, smooth transitions, and its stoppd freezing (no response) programmes, i have some pretty intense spreadsheets and they are now looking up/macros smoothly as opposed to previous niggly stop/start. Thanks for the options for virus checkers, i always thought mcaafee was the fastest but diidnt think of other alternatives to nod/norton. The last question i was going to ask is do you know any good programmes/websites to benchmark my broadband speed this also appears slower than i would of imagined now i live very close to the exchange and not a million miles away on a raf base lol
- October 6, 2010
- 45 replies
Gremlins

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

Hi Starbuck thank you Ive ran OTL and the text is below: All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ADMTray.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AzMixerSel deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IMJPMIG8.1 deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LaunchApp deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LogitechCameraService(E) deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LVCOMSX deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSPY2002 deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemon deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\PHIME2002 not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: jamie panico ->Temp folder emptied: 84259559 bytes ->Temporary Internet Files folder emptied: 56855722 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 117950 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 65789 bytes ->Flash cache emptied: 12154 bytes User: NetworkService ->Temp folder emptied: 2968 bytes ->Temporary Internet Files folder emptied: 32902 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 596241 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 135.00 mb OTL by OldTimer - Version 3.2.14.1 log created on 10052010_204704 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\jamie panico\Local Settings\Temp\fla9.tmp not found! C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\Y2ZZLZ3Y\ads[1].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\LNKLM5X1\ads[1].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\J8EP3IJ5\120_rot[1].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\ICSK7X40\br3[1].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\I0W1LXFH\xvideos.com_1863f61e6b449063d92df54edc1359a7[1].flv moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\BCAOL3NJ\Messenger[1].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\BCAOL3NJ\xmlProxy[1].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\959P8Q0L\10566-gremlins-2[1].html moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\959P8Q0L\ads[1].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\7AS0LV16\default[1].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\6JOO5N03\InboxLight[1].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\5JOC6TU0\01[1].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\5JOC6TU0\like[1].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\5JOC6TU0\LocalStorage[1].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\5JOC6TU0\sh24[1].html moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\5JOC6TU0\xmlProxy[1].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. Registry entries deleted on Reboot...
- October 5, 2010
- 45 replies
Gremlins

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

Hi Starbuck, Thanks, I can always reinstall messenger once i know everything is ok. Thanks for looking through some exe files that don't look affiliated to windows i dont have loads of programmes on my laptop and probably need less in start up-im happy to manually load them as and when i need. Not too sure about mcafee im open to suggestions, ive avioded nortoin because it has always crippled my running speed, and tried NOD but that only quarantined files wouldnt actually remove a trojan whereas mcafee hasnt give me too many problems and blocked and cleaned quite a few. I had a AVG at one point when it was free. What do you think would be best? Is it worth registering MBAM, does it give round the clock protection or do i still have to run as and when required? Thanks for your time Jamie
- October 4, 2010
- 45 replies
Gremlins

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

OTL Extras logfile created on: 04/10/2010 22:23:32 - Run 2 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\jamie panico\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1,022.00 Mb Total Physical Memory | 519.00 Mb Available Physical Memory | 51.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 53.21 Gb Total Space | 11.24 Gb Free Space | 21.12% Space Free | Partition Type: NTFS Drive D: | 53.69 Gb Total Space | 36.59 Gb Free Space | 68.15% Space Free | Partition Type: FAT32 Drive E: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: FBP Current User Name: jamie panico Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\itunes\iTunes.exe" = D:\itunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Disabled:KTF MUSIC AoD Server -- (PeeringPortal) "C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Disabled:KTF MUSIC VoD Server -- (PeeringPortal) "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth II "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = The Battle for Middle-earth "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4DA416AE-6D1C-40D6-BCA3-A65A59DD60FC}" = Acer eDataSecurity Management "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1 "{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management "{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}" = Acer OrbiCam Software "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari "{B06B842F-2450-494F-BBDE-217CDC151A37}" = NTI Backup NOW! 4.5 "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = The Lord of the Rings, The Rise of the Witch-king "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver "{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver "{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management "{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management "{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.26 "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) "AcerOrbiCamDrv" = Acer OrbiCam Driver "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025007F" = HDAUDIO Soft Data Fax Modem with SmartCP "ePresentation" = Acer ePresentation Management "ESET Online Scanner" = ESET Online Scanner v3 "GridVista" = Acer GridVista "ie8" = Windows Internet Explorer 8 "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework "InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management "InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.8.3 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = Intel® PROSet/Wireless Software "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "SynTPDeinstKey" = Synaptics Pointing Device Driver "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 04/10/2010 08:40:25 | Computer Name = FBP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7797 Error - 04/10/2010 12:53:30 | Computer Name = FBP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 04/10/2010 12:53:30 | Computer Name = FBP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3890 Error - 04/10/2010 12:53:30 | Computer Name = FBP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3890 Error - 04/10/2010 12:53:34 | Computer Name = FBP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 04/10/2010 12:53:34 | Computer Name = FBP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7797 Error - 04/10/2010 12:53:34 | Computer Name = FBP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7797 Error - 04/10/2010 12:53:38 | Computer Name = FBP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 04/10/2010 12:53:38 | Computer Name = FBP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 11734 Error - 04/10/2010 12:53:38 | Computer Name = FBP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 11734 [ System Events ] Error - 01/10/2010 08:50:19 | Computer Name = FBP | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 01/10/2010 08:50:19 | Computer Name = FBP | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error - 01/10/2010 09:05:20 | Computer Name = FBP | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 01/10/2010 09:05:20 | Computer Name = FBP | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 29 minutes. NtpClient has no source of accurate time. Error - 01/10/2010 09:34:00 | Computer Name = FBP | Source = Dhcp | ID = 1001 Description = Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0018DE87977F. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Error - 01/10/2010 09:35:54 | Computer Name = FBP | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 01/10/2010 09:35:54 | Computer Name = FBP | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error - 01/10/2010 10:02:07 | Computer Name = FBP | Source = Dhcp | ID = 1000 Description = Your computer has lost the lease to its IP address 10.71.175.50 on the Network Card with network address 0018DE87977F. Error - 01/10/2010 10:37:36 | Computer Name = FBP | Source = Dhcp | ID = 1001 Description = Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0018DE87977F. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Error - 03/10/2010 18:33:24 | Computer Name = FBP | Source = Dhcp | ID = 1000 Description = Your computer has lost the lease to its IP address 192.168.1.64 on the Network Card with network address 0018DE87977F. < End of report >
- October 4, 2010
- 45 replies
Gremlins

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

OTL logfile created on: 04/10/2010 22:23:32 - Run 2 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\jamie panico\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1,022.00 Mb Total Physical Memory | 519.00 Mb Available Physical Memory | 51.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 53.21 Gb Total Space | 11.24 Gb Free Space | 21.12% Space Free | Partition Type: NTFS Drive D: | 53.69 Gb Total Space | 36.59 Gb Free Space | 68.15% Space Free | Partition Type: FAT32 Drive E: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: FBP Current User Name: jamie panico Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\jamie panico\Local Settings\temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Documents and Settings\jamie panico\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) PRC - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech) PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech) PRC - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.) PRC - C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.) PRC - C:\WINDOWS\system32\ElkCtrl.exe (Logitech Inc.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\jamie panico\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech) MOD - C:\WINDOWS\system32\sysenv.dll (HiTRUST) MOD - C:\WINDOWS\system32\MSNChatHook.dll () MOD - C:\WINDOWS\system32\MFC71u.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\MFC71ENU.DLL (Microsoft Corporation) MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (LVPrcSrv) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech) SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (AWService) -- C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\DOCUME~1\JAMIEP~1\LOCALS~1\Temp\catchme.sys File not found DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys () DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.) DRV - (lvmvdrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys () DRV - (LVPrcMon) -- C:\WINDOWS\system32\drivers\LVPrcMon.sys () DRV - (lv321av) Logitech USB PC Camera (VC0321) -- C:\WINDOWS\system32\drivers\lv321av.sys (Logitech) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech) DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.) DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.) DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.) DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA) DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMSC) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies) DRV - (NdisFilt) -- C:\WINDOWS\system32\drivers\NdisFilt.sys (OSA Technologies) DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company) DRV - (NETMNT) -- C:\WINDOWS\system32\drivers\NETMNT.sys () DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows ® 2000 DDK provider) DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys () DRV - (UBHelper) -- C:\WINDOWS\System32\drivers\UBHelper.sys () DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2010/09/28 22:27:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan) O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.) O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech) O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\jamie panico\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\jamie panico\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/08/18 23:41:54 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/11/06 23:20:46 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ] O32 - AutoRun File - [2006/11/06 22:59:47 | 000,569,344 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2006/11/06 23:18:16 | 000,000,180 | R--- | M] () - E:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2006/10/29 03:39:19 | 000,880,640 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/10/01 15:52:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010/10/01 13:08:14 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys [2010/10/01 13:08:03 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys [2010/10/01 13:08:03 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys [2010/10/01 09:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth [2010/09/30 22:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010/09/30 21:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jamie panico\Desktop\New Folder [2010/09/29 20:18:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010/09/29 20:11:23 | 000,000,000 | ---D | C] -- C:\Combo-Fix [2010/09/28 21:42:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2010/09/28 21:35:22 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/09/28 21:26:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/09/28 21:26:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/09/28 21:26:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/09/28 21:26:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/09/28 21:26:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/09/28 21:26:00 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/09/28 21:11:14 | 000,000,000 | ---D | C] -- C:\_OTL [2010/09/28 18:25:35 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jamie panico\Desktop\OTL.exe [2010/09/28 18:13:20 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jamie panico\Desktop\TFC.exe [2010/09/28 17:24:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010/09/27 21:49:35 | 000,000,000 | ---D | C] -- C:\Config.Msi [2010/09/25 12:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jamie panico\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files [2010/09/24 23:50:30 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [2010/09/24 17:44:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server [2010/09/23 17:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2010/09/23 17:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2010/09/06 23:04:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jamie panico\Application Data\Media Player Classic [2010/09/06 21:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles ========== Files - Modified Within 30 Days ========== [2010/10/04 22:21:02 | 000,000,717 | ---- | M] () -- C:\WINDOWS\win.ini [2010/10/04 22:21:02 | 000,000,325 | RHS- | M] () -- C:\boot.ini [2010/10/04 22:21:02 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/10/04 22:20:56 | 000,000,450 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini [2010/10/04 22:20:49 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010/10/04 22:20:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/10/04 22:20:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/10/04 22:20:38 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys [2010/10/04 22:19:30 | 006,438,912 | ---- | M] () -- C:\Documents and Settings\jamie panico\ntuser.dat [2010/10/04 22:19:30 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\jamie panico\ntuser.ini [2010/10/04 20:30:02 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7CCC4F8B-1DE7-451A-B5F3-48DBC9FF26D9}.job [2010/10/01 14:39:55 | 034,470,912 | ---- | M] () -- C:\Documents and Settings\jamie panico\Desktop\Charity Auction.ppt [2010/09/30 23:03:32 | 006,347,264 | ---- | M] () -- C:\Documents and Settings\jamie panico\Desktop\doc 4.doc [2010/09/30 23:02:40 | 008,528,384 | ---- | M] () -- C:\Documents and Settings\jamie panico\Desktop\doc 3.doc [2010/09/30 23:01:11 | 008,974,848 | ---- | M] () -- C:\Documents and Settings\jamie panico\Desktop\Doc1.doc [2010/09/30 23:00:57 | 009,809,408 | ---- | M] () -- C:\Documents and Settings\jamie panico\Desktop\doc 2.doc [2010/09/30 22:55:25 | 033,605,632 | ---- | M] () -- C:\Documents and Settings\jamie panico\Desktop\all photos.doc [2010/09/30 18:36:24 | 000,254,536 | ---- | M] () -- C:\Documents and Settings\jamie panico\Desktop\The%20British%20Isles.jpg [2010/09/29 20:01:09 | 003,856,218 | R--- | M] () -- C:\Documents and Settings\jamie panico\Desktop\Combo-Fix.exe [2010/09/28 22:27:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/09/28 18:25:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jamie panico\Desktop\OTL.exe [2010/09/28 18:13:28 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jamie panico\Desktop\TFC.exe [2010/09/28 17:27:26 | 000,000,209 | ---- | M] () -- C:\Boot.bak [2010/09/27 22:32:03 | 000,041,512 | ---- | M] () -- C:\Documents and Settings\jamie panico\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/09/27 22:29:22 | 000,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/09/27 21:54:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/09/27 17:51:43 | 000,086,961 | ---- | M] () -- C:\Documents and Settings\jamie panico\Desktop\untitled.JPG [2010/09/27 17:50:58 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\jamie panico\Desktop\Document1.doc [2010/09/24 22:44:30 | 000,846,294 | ---- | M] () -- C:\Documents and Settings\jamie panico\Desktop\failbook.bmp [2010/09/19 18:18:14 | 000,002,131 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Lord of the Rings, The Rise of the Witch-king.lnk [2010/09/16 19:36:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/09/05 22:01:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jamie panico\My Documents\PDVD_MediaDisc.PlayList ========== Files Created - No Company Name ========== [2010/10/01 14:40:22 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\jamie panico\Desktop\Mr Jamie Panico.doc [2010/10/01 12:28:37 | 034,470,912 | ---- | C] () -- C:\Documents and Settings\jamie panico\Desktop\Charity Auction.ppt [2010/09/30 23:03:31 | 006,347,264 | ---- | C] () -- C:\Documents and Settings\jamie panico\Desktop\doc 4.doc [2010/09/30 23:02:38 | 008,528,384 | ---- | C] () -- C:\Documents and Settings\jamie panico\Desktop\doc 3.doc [2010/09/30 22:59:12 | 009,809,408 | ---- | C] () -- C:\Documents and Settings\jamie panico\Desktop\doc 2.doc [2010/09/30 22:55:18 | 033,605,632 | ---- | C] () -- C:\Documents and Settings\jamie panico\Desktop\all photos.doc [2010/09/30 22:28:13 | 008,974,848 | ---- | C] () -- C:\Documents and Settings\jamie panico\Desktop\Doc1.doc [2010/09/30 18:36:48 | 000,254,536 | ---- | C] () -- C:\Documents and Settings\jamie panico\Desktop\The%20British%20Isles.jpg [2010/09/28 22:27:24 | 1071,763,456 | -HS- | C] () -- C:\hiberfil.sys [2010/09/28 21:35:28 | 000,000,209 | ---- | C] () -- C:\Boot.bak [2010/09/28 21:35:25 | 000,260,272 | RHS- | C] () -- C:\cmldr [2010/09/28 21:26:49 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/09/28 21:26:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/09/28 21:26:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/09/28 21:26:49 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/09/28 21:26:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/09/28 21:25:17 | 003,856,218 | R--- | C] () -- C:\Documents and Settings\jamie panico\Desktop\Combo-Fix.exe [2010/09/27 21:46:57 | 006,438,912 | ---- | C] () -- C:\Documents and Settings\jamie panico\ntuser.dat [2010/09/27 17:51:42 | 000,086,961 | ---- | C] () -- C:\Documents and Settings\jamie panico\Desktop\untitled.JPG [2010/09/27 17:50:56 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\jamie panico\Desktop\Document1.doc [2010/09/24 22:44:29 | 000,846,294 | ---- | C] () -- C:\Documents and Settings\jamie panico\Desktop\failbook.bmp [2010/09/19 18:18:14 | 000,002,131 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Lord of the Rings, The Rise of the Witch-king.lnk [2010/09/05 22:01:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jamie panico\My Documents\PDVD_MediaDisc.PlayList [2010/04/26 22:40:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010/03/22 17:50:02 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2010/03/22 17:50:02 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2010/03/22 17:49:53 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\jamie panico\Application Data\$_hpcst$.hpc [2010/03/17 17:15:14 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010/03/17 17:15:13 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010/03/17 17:15:11 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010/03/17 17:15:11 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010/03/17 17:15:10 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2010/03/17 17:15:08 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010/03/17 17:15:07 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010/03/12 11:11:46 | 000,000,450 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini [2010/03/12 11:08:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll [2010/03/12 11:08:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll [2010/03/12 11:08:28 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll [2010/03/12 11:08:27 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll [2010/03/12 11:08:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll [2010/03/12 11:07:26 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini [2010/03/12 10:59:17 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\jamie panico\Local Settings\Application Data\fusioncache.dat [2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2006/08/19 09:21:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/08/18 23:42:20 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll [2006/08/18 23:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2006/08/18 23:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll [2006/08/18 23:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll [2006/08/18 23:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll [2006/06/23 11:40:58 | 002,400,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys [2006/06/23 11:40:58 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys [2006/06/19 12:59:24 | 000,013,227 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2006/06/16 20:17:32 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll [2006/06/12 17:11:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006/06/12 17:11:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006/06/12 17:11:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006/06/12 17:11:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006/06/12 17:11:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2005/12/14 21:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini [2005/10/31 19:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2005/10/26 15:59:46 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/05/02 13:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys [2005/03/28 16:45:26 | 000,000,081 | ---- | C] () -- C:\WINDOWS\ALaunch.ini [2004/12/17 18:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys [2004/08/10 21:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2003/12/29 21:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll [2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll [1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll [1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll < End of report >
- October 4, 2010
- 45 replies
Gremlins

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

Thanks Randy & Starbuck, I reset all internet explorer security and privacy settings which has now allowed messenger to work. However I have now removed messenger for the next OTL run. Ive taken off mcafee and defender for now but can always reinstall. I am avoiding most websites at the moment as i realise i am totally vunerable Having looked in my start up files there are a lot of bizarre entries i dont recognise altho this might be because im a xp biff lol The same in my add/remove programmes is there anyway i can cut & paste the text or just print screen so you could advise if any can be removed please? Im running OTL now so will post the responses soonest Thanks again for your help
- October 4, 2010
- 45 replies
Gremlins

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

Hi Starbuck, Yeah unfortunately messenger still refuses to work. Ive removed programme and re-added to try and provoke a response but nothing :-S My internet (DSL maxBT internet - nr exchange Newcastle city centre) is extremely slow downloading music and films (utube) to screen often takes 2-3 times as long as the length of the clip :S Hope you had a good weekend
- October 3, 2010
- 45 replies
Gremlins

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

Here is the mbam report following the updates: Malwarebytes' Anti-Malware 1.46 Malwarebytes Database version: 4724 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 30/09/2010 22:25:30 mbam-log-2010-09-30 (22-25-30).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 217668 Time elapsed: 1 hour(s), 25 minute(s), 34 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Thanks Jamie
- October 1, 2010
- 45 replies
Gremlins

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

Hi Starbuck, I've attached the eset log.txt below. Jamie SESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=e9d75b2925edd542bcd90591d2e08762 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2010-09-30 11:34:36 # local_time=2010-10-01 12:34:36 (+0000, GMT Daylight Time) # country="United Kingdom" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=5121 16777173 100 75 615981 14563603 0 0 # compatibility_mode=6143 16777215 0 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 1262 1262 0 0 # scanned=77229 # found=0 # cleaned=0 # scan_time=4966
- October 1, 2010
- 45 replies
Gremlins

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

Hi Starbuck, unfortunately no luck with combi-fix Jamie
- September 29, 2010
- 45 replies
Gremlins

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

hi Starbuck, Sorry there isnt a file. I've checked for hidden and even thru command prompt - nothing. Windows updates has started dowloading some new updates so i will re-run combofix once these have been installed. Perhaps it was a gliche MS were expecting... Thanks for your help Jamie
- September 29, 2010
- 45 replies
Gremlins

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

Hi mate, I have run CF again in safe mode and it appeared to work deleteing files program files\winpcap\daemon_mgm.exe program files\winpcap\nfp_mgm.exe program files\winpcap\rpcapd.exe windows\system32\drivers\npf.sys windows\system32\packet.dll windows\system32\pthreadvc.dll windows\system32\wanpacket.dll windows\system32\wpcap.dll deleting folder program files\winPcap. It then reboots my laptop and says writing combo-fix log then tells me the filepath. Then my PC freezes appears to blue screen crash then reboots offering the same error code as above. :-( Thanks for your time and help mate Jamie
- September 28, 2010
- 45 replies
Gremlins

borojamie replied to borojamie's topic in Tech Support & Discussions Forum

Hi Starbuck no luck with the second run of combofix however the first question it asked was do i want to keep visage on, then continued to re-boot my pc and give the same error code as above :-( Jamie
- September 28, 2010
- 45 replies

Sign In

Profiles

Forums

Blogs

Events

Resources

Videos

Link Directory

Downloads

Everything posted by borojamie