Hi

 

Whatever I've got on my Windows 7 is not making my laptop very happy. It keeps turning off my security, doesn't like to be on the internet, freezes everything and then won't shut down properly.

 

I've run Malwarebytes and OTL as stated on your site. I've run Malwarebytes a few times and it always stops at the same place. I've attached a copy of the screen. On the same copy, I've attached a copy of the Microsoft Safety Scanner I did a couple of days ago which froze on the same file.

 

I downloaded and re-ran Malwarebytes from your link and updated it, but it froze on the same file. OTL completed and the information you required is below:-

 

OTL logfile created on: 20/11/2011 12:26:07 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alannah\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

2.75 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 60.12% Memory free

4.74 Gb Paging File | 3.24 Gb Available in Paging File | 68.25% Paging File free

Paging file location(s): c:\pagefile.sys 2047 2047 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 220.78 Gb Total Space | 165.44 Gb Free Space | 74.93% Space Free | Partition Type: NTFS

 

Computer Name: ALANNAH-PC | User Name: Alannah | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Alannah\Desktop\OTL.scr (OldTimer Tools)

PRC - C:\Program Files (x86)\TalkTalk\Security\Anti-Virus\fsav32.exe (F-Secure Corporation)

PRC - C:\Program Files (x86)\TalkTalk\Security\Anti-Virus\fssm32.exe (F-Secure Corporation)

PRC - C:\Program Files (x86)\TalkTalk\Security\Anti-Virus\fsgk32.exe (F-Secure Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

PRC - C:\Program Files (x86)\TalkTalk\Security\ORSP Client\fsorsp.exe (F-Secure Corporation)

PRC - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)

PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)

PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

PRC - C:\Program Files (x86)\TalkTalk\Security\Common\FSMA32.EXE (F-Secure Corporation)

PRC - C:\Program Files (x86)\TalkTalk\Security\Common\FSHDLL32.EXE (F-Secure Corporation)

PRC - C:\Program Files (x86)\TalkTalk\Security\Anti-Virus\fsgk32st.exe (F-Secure Corporation)

PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)

PRC - C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)

 

 

========== Modules (No Company Name) ==========

 

MOD - \\?\c:\program files (x86)\talktalk\security\hips\fshook32.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SRV - (FSORSPClient) -- C:\Program Files (x86)\TalkTalk\Security\ORSP Client\fsorsp.exe (F-Secure Corporation)

SRV - (FSDFWD) -- C:\Program Files (x86)\TalkTalk\Security\FWES\Program\fsdfwd.exe (F-Secure Corporation)

SRV - (AdobeActiveFileMonitor9.0) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()

SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)

SRV - (FSMA) -- C:\Program Files (x86)\TalkTalk\Security\Common\FSMA32.EXE (F-Secure Corporation)

SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files (x86)\TalkTalk\Security\Anti-Virus\fsgk32st.exe (F-Secure Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (FSFW) -- C:\Windows\SysNative\drivers\fsdfw.sys (F-Secure Corporation)

DRV:64bit: - (FSES) -- C:\Windows\SysNative\drivers\fses.sys (F-Secure Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)

DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)

DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)

DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)

DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)

DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)

DRV:64bit: - (PAC7302) -- C:\Windows\SysNative\drivers\PAC7302.SYS (PixArt Imaging Inc.)

DRV - (F-Secure Gatekeeper) -- C:\Program Files (x86)\TalkTalk\Security\Anti-Virus\minifilter\fsgk.sys ()

DRV - (F-Secure HIPS) -- C:\Program Files (x86)\TalkTalk\Security\HIPS\drivers\fshs.sys (F-Secure Corporation)

DRV - (fsvista) -- C:\Program Files (x86)\TalkTalk\Security\Anti-Virus\minifilter\fsvista.sys ()

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys (Dritek System Inc.)

DRV - (PAC7302) -- C:\Windows\SysWOW64\drivers\PAC7302.sys (PixArt Imaging Inc.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5532&r=27360810d715l03d4z105t4972x357

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5532&r=27360810d715l03d4z105t4972x357

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5532&r=27360810d715l03d4z105t4972x357

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5532&r=27360810d715l03d4z105t4972x357

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Alannah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\TalkTalk\Security\NRS\litmus-ff@f-secure.com [2011/11/08 21:48:14 | 000,000,000 | ---D | M]

 

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\gcswf32.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\pdf.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Alannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Alannah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Skype Click to Call = C:\Users\Alannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

 

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL File not found

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\mskapbho.dll File not found

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\TalkTalk\Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\TalkTalk\Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)

O4:64bit: - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [Facebook Update] C:\Users\Alannah\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\TalkTalk\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\TalkTalk\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\TalkTalk\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\TalkTalk\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\TalkTalk\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\TalkTalk\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\TalkTalk\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\TalkTalk\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\TalkTalk\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\TalkTalk\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\TalkTalk\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\TalkTalk\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\TalkTalk\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\TalkTalk\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{419BCC2A-9E26-4E56-9DFB-270EFB2DA21F}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

 

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)

MsConfig:64bit - StartUpReg: F-Secure Manager - hkey= - key= - C:\Program Files (x86)\TalkTalk\Security\Common\FSM32.EXE (F-Secure Corporation)

MsConfig:64bit - StartUpReg: F-Secure TNB - hkey= - key= - C:\Program Files (x86)\TalkTalk\Security\FSGUI\TNBUtil.exe (F-Secure Corporation)

MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)

MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

MsConfig:64bit - State: "bootini" - Reg Error: Key error.

MsConfig:64bit - State: "startup" - Reg Error: Key error.

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/11/20 12:22:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Alannah\Desktop\OTL.scr

[2011/11/20 12:17:53 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{EA14F4AB-F049-460C-8D4F-67E03FADF6DA}

[2011/11/20 11:10:55 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{30EF1F77-AA99-47E1-BE2E-9905B2817282}

[2011/11/20 10:53:53 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{147FF24B-5345-43A1-8E0D-1159B48EEF5D}

[2011/11/20 10:53:04 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{D447BE92-ACF8-4175-912A-B3CCEACADD12}

[2011/11/19 10:48:34 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{8B023090-36D3-4694-865E-0F20E92A6E6E}

[2011/11/19 10:48:11 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{2BFDF86D-C97C-46E0-AF2B-F8E4A5A0CF64}

[2011/11/14 20:13:47 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{94FB62F9-F37A-4608-ADC7-AD0754815A47}

[2011/11/14 20:13:23 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{88B4293B-8D42-4C31-87C2-D0CD1CC93312}

[2011/11/12 22:08:16 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/11/12 20:11:30 | 050,295,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe

[2011/11/12 20:10:43 | 015,134,664 | ---- | C] (Microsoft Corporation) -- C:\Users\Alannah\Desktop\windows-kb890830-v4.2.exe

[2011/11/12 20:09:08 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{DA47ECF4-391D-484A-9C87-35E844EDFA77}

[2011/11/11 20:00:45 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Roaming\Malwarebytes

[2011/11/11 20:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/11/11 20:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/11/11 20:00:19 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/11/11 20:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011/11/11 19:58:35 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Alannah\Desktop\mbam-setup-1.51.2.1300.exe

[2011/11/11 17:36:51 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{25F3C623-91A7-4998-8337-B3E886D9FB68}

[2011/11/11 09:43:06 | 000,000,000 | ---D | C] -- C:\Windows\en

[2011/11/11 09:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2011/11/11 09:17:24 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{E3E0C022-74C9-4F0C-8BE5-45C9420AAE8C}

[2011/11/11 09:17:04 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{80C716CA-8F0A-4F80-AA6F-7C75327B69BF}

[2011/11/10 17:35:15 | 076,607,184 | ---- | C] (Microsoft Corporation) -- C:\Users\Alannah\Desktop\msert.exe

[2011/11/10 17:34:22 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{09F106A0-314C-4EF4-B217-FF669801A280}

[2011/11/10 17:33:27 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{7E2119A9-F42C-4F75-B7A5-DE427E4E30EC}

[2011/11/08 21:57:56 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{5BCBE237-0AE1-42D0-9247-343188EAFF92}

[2011/11/08 21:42:00 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{FF354919-4FD3-4CA0-98EB-FA04868A4B98}

[2011/11/08 21:41:35 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{0F6DD7B0-9EAD-4CB5-8E93-409E9BC6D3C0}

[2011/11/08 20:45:49 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{B4AC6BAC-7539-4867-81B1-2128B15F8516}

[2011/10/28 14:18:33 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{19AA4D10-664F-4474-9232-2FEC1C249707}

[2011/10/25 21:37:11 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{8B064DC8-AC74-4E0D-B685-7221E654C8C8}

[2011/10/25 21:08:31 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{F1435528-4025-4422-9DD0-BA5744FAE9F1}

[2011/10/25 16:46:59 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{AE6BD556-E330-4B36-982B-7DE69BF2E700}

[2011/10/25 16:37:41 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{0E771243-7C0F-471B-873B-E6EE2FC6B3A8}

[2011/10/24 08:34:37 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{52E323A3-CC9A-414D-B0EF-B6E81F17DC80}

[2011/10/24 08:34:03 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{4BC46346-256F-437B-A087-244A55CEAB47}

[2011/10/24 08:30:23 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{1B65E2BE-B0A4-437E-B844-8B1D5DCA66AB}

[2011/10/23 21:05:00 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{3664116B-F66F-42E2-97C7-F5A9B5169A1A}

[2011/10/23 21:04:29 | 000,000,000 | ---D | C] -- C:\Users\Alannah\AppData\Local\{51431145-CDC2-48E7-909E-DB3EDF3E7D3A}

[2009/11/03 01:13:48 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

[19 C:\Users\Alannah\AppData\Local\*.tmp files -> C:\Users\Alannah\AppData\Local\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/11/20 12:23:23 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/11/20 12:23:23 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/11/20 12:23:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/11/20 12:16:57 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/11/20 12:15:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/11/20 12:15:37 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys

[2011/11/20 12:07:18 | 000,208,384 | ---- | M] () -- C:\Users\Alannah\Desktop\scan.wps

[2011/11/20 12:07:18 | 000,000,082 | ---- | M] () -- C:\Users\Alannah\AppData\Roaming\wklnhst.dat

[2011/11/20 11:56:17 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1083190406-3403072553-44478306-1001UA.job

[2011/11/20 11:12:33 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/11/20 10:55:33 | 000,001,137 | ---- | M] () -- C:\Users\Alannah\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2011/11/20 10:41:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Alannah\Desktop\OTL.scr

[2011/11/20 10:32:48 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Alannah\Desktop\mbam-setup-1.51.2.1300.exe

[2011/11/14 21:23:08 | 000,000,000 | ---- | M] () -- C:\Users\Alannah\AppData\Local\{C6B27F95-0F86-4784-A590-4479EEA6FE0A}

[2011/11/14 20:56:04 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1083190406-3403072553-44478306-1001Core.job

[2011/11/14 20:16:59 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2011/11/12 21:36:31 | 000,000,000 | ---- | M] () -- C:\Users\Alannah\AppData\Local\{098DE5A5-20AF-4FC7-AEB7-B763305E467C}

[2011/11/12 20:10:08 | 000,000,000 | ---- | M] () -- C:\Users\Alannah\AppData\Local\{018C5D42-CC43-4613-A512-A1AF3F6613C5}

[2011/11/12 20:08:15 | 000,000,000 | ---- | M] () -- C:\Users\Alannah\AppData\Local\{AEEA0323-3514-479E-9751-D4CC5C4CCE78}

[2011/11/12 19:16:08 | 015,134,664 | ---- | M] (Microsoft Corporation) -- C:\Users\Alannah\Desktop\windows-kb890830-v4.2.exe

[2011/11/11 21:00:33 | 000,007,625 | ---- | M] () -- C:\Users\Alannah\AppData\Local\Resmon.ResmonCfg

[2011/11/11 17:36:54 | 000,000,000 | ---- | M] () -- C:\Users\Alannah\AppData\Local\{583CFBBC-AF09-4C87-8E75-FEF0D4AFA3EB}

[2011/11/11 17:34:58 | 000,000,000 | ---- | M] () -- C:\Users\Alannah\AppData\Local\{6316E7F4-CC0B-4B3D-BBC2-1474BC135BBD}

[2011/11/10 17:28:28 | 076,607,184 | ---- | M] (Microsoft Corporation) -- C:\Users\Alannah\Desktop\msert.exe

[2011/11/08 21:57:56 | 000,000,000 | ---- | M] () -- C:\Users\Alannah\AppData\Local\{1313EB66-C02E-47B6-87BF-8C026E675697}

[2011/11/02 22:12:55 | 000,000,000 | ---- | M] () -- C:\Users\Alannah\AppData\Local\{B7F29107-C571-4491-86E2-9C0F3314E1FA}

[2011/11/02 14:45:12 | 000,000,000 | ---- | M] () -- C:\Users\Alannah\AppData\Local\{CF4444A1-2BBC-40AC-98E2-B0407AACA02D}

[2011/11/01 15:18:30 | 000,000,000 | ---- | M] () -- C:\Users\Alannah\AppData\Local\{1CE18BC8-0D6B-4C28-A7C1-4AF4465381BB}

[2011/10/29 17:42:51 | 000,000,000 | ---- | M] () -- C:\Users\Alannah\AppData\Local\{2D680621-2EA4-4FB2-96BC-7DFB7704A9E3}

[2011/10/28 14:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Alannah\AppData\Local\{7A08B5E7-EC48-4CBA-A5EC-6A255B18BFFA}

[2011/10/28 14:20:25 | 000,000,000 | ---- | M] () -- C:\Users\Alannah\AppData\Local\{81FACCBE-FB1D-4FD8-9FED-8A697BE36ABB}

[2011/10/27 22:04:56 | 050,295,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe

[2011/10/26 10:41:25 | 000,000,000 | ---- | M] () -- C:\Users\Alannah\AppData\Local\{70AF1E3D-E025-4DB3-A116-39C4B54DD2BD}

[2011/10/25 21:38:28 | 000,000,000 | ---- | M] () -- C:\Users\Alannah\AppData\Local\{8549B80F-7CF5-4C8B-BD88-C897B1589403}

[2011/10/25 21:08:34 | 000,000,000 | ---- | M] () -- C:\Users\Alannah\AppData\Local\{45A0D3FA-4D1B-4EB1-8DFF-AEB82F7282CA}

[2011/10/23 21:07:05 | 000,000,000 | ---- | M] () -- C:\Users\Alannah\AppData\Local\{3D918AA8-2272-4E92-81C6-3C6769B44C5B}

[2011/10/22 10:52:22 | 000,000,000 | ---- | M] () -- C:\Users\Alannah\AppData\Local\{9C26EEA1-D370-46FB-A8F3-C08F1C7CF55D}

[19 C:\Users\Alannah\AppData\Local\*.tmp files -> C:\Users\Alannah\AppData\Local\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/11/14 21:23:08 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{C6B27F95-0F86-4784-A590-4479EEA6FE0A}

[2011/11/12 21:57:24 | 001,007,108 | ---- | C] () -- C:\Users\Alannah\Desktop\rkill.exe

[2011/11/12 21:36:31 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{098DE5A5-20AF-4FC7-AEB7-B763305E467C}

[2011/11/12 20:10:08 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{018C5D42-CC43-4613-A512-A1AF3F6613C5}

[2011/11/12 20:08:15 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{AEEA0323-3514-479E-9751-D4CC5C4CCE78}

[2011/11/11 21:00:33 | 000,007,625 | ---- | C] () -- C:\Users\Alannah\AppData\Local\Resmon.ResmonCfg

[2011/11/11 20:00:29 | 000,001,137 | ---- | C] () -- C:\Users\Alannah\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2011/11/11 17:36:54 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{583CFBBC-AF09-4C87-8E75-FEF0D4AFA3EB}

[2011/11/11 17:34:58 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{6316E7F4-CC0B-4B3D-BBC2-1474BC135BBD}

[2011/11/11 15:51:43 | 000,208,384 | ---- | C] () -- C:\Users\Alannah\Desktop\scan.wps

[2011/11/08 21:57:56 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{1313EB66-C02E-47B6-87BF-8C026E675697}

[2011/11/02 22:12:55 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{B7F29107-C571-4491-86E2-9C0F3314E1FA}

[2011/11/02 14:45:12 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{CF4444A1-2BBC-40AC-98E2-B0407AACA02D}

[2011/11/01 15:18:30 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{1CE18BC8-0D6B-4C28-A7C1-4AF4465381BB}

[2011/10/29 17:42:51 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{2D680621-2EA4-4FB2-96BC-7DFB7704A9E3}

[2011/10/28 14:46:27 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{7A08B5E7-EC48-4CBA-A5EC-6A255B18BFFA}

[2011/10/28 14:20:25 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{81FACCBE-FB1D-4FD8-9FED-8A697BE36ABB}

[2011/10/26 10:41:25 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{70AF1E3D-E025-4DB3-A116-39C4B54DD2BD}

[2011/10/25 21:38:28 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{8549B80F-7CF5-4C8B-BD88-C897B1589403}

[2011/10/25 21:08:34 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{45A0D3FA-4D1B-4EB1-8DFF-AEB82F7282CA}

[2011/10/23 21:07:05 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{3D918AA8-2272-4E92-81C6-3C6769B44C5B}

[2011/10/22 10:52:22 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{9C26EEA1-D370-46FB-A8F3-C08F1C7CF55D}

[2011/10/20 20:23:12 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{75799771-C808-4537-8862-E4592362792B}

[2011/10/20 18:05:49 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{5921BED4-C245-4C72-B36B-7B6801CB0222}

[2011/10/20 17:49:50 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{D8992E9C-E0A9-4CAA-8EA0-11FE6F6DAA8D}

[2011/10/19 21:21:08 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{AC465BFB-B2DC-4AFD-AB8C-199003614E39}

[2011/10/19 21:19:26 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{4A1542D7-2B95-4AFD-AE20-5BD49B02F04B}

[2011/10/18 20:23:09 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{3D2DC747-A6A2-4222-A2A6-99A61F813C8D}

[2011/10/18 20:01:58 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{FCF221EC-4BAE-46F0-B095-549931B69280}

[2011/10/18 19:21:39 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{55E6CB1E-757A-40BD-97EF-EC65F34F2E65}

[2011/10/18 19:20:06 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{09BBF6B3-D412-4818-816F-85DE86A95775}

[2011/09/23 13:09:09 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{12750908-FF21-4119-B224-0B0668D970A7}

[2011/09/11 19:35:31 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{3B993240-0DB5-4B83-B026-77EAC77AC49F}

[2011/08/22 21:38:15 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{A0E83686-C8E6-496F-A726-D62F0DD2E4E4}

[2011/07/15 15:47:07 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{D1A5D473-CB8E-4074-876D-FDE185617DAF}

[2011/07/13 19:58:43 | 000,000,000 | ---- | C] () -- C:\Users\Alannah\AppData\Local\{C90585C1-E236-43DE-AACA-773AD2B898B6}

[2011/07/06 19:30:28 | 000,000,306 | ---- | C] () -- C:\Windows\SIERRA.INI

[2011/03/21 21:23:26 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys

[2011/03/21 21:22:20 | 000,746,398 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/12/30 15:12:00 | 000,000,082 | ---- | C] () -- C:\Users\Alannah\AppData\Roaming\wklnhst.dat

[2010/10/18 18:29:21 | 000,040,960 | ---- | C] () -- C:\Windows\98Setup.exe

[2010/10/18 18:29:18 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP7302.ini

[2009/11/03 01:03:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

 

========== LOP Check ==========

 

[2010/12/30 15:19:57 | 000,000,000 | -HSD | M] -- C:\Users\Alannah\AppData\Roaming\.#

[2011/10/12 20:04:27 | 000,000,000 | ---D | M] -- C:\Users\Alannah\AppData\Roaming\.minecraft

[2010/12/30 15:19:45 | 000,000,000 | ---D | M] -- C:\Users\Alannah\AppData\Roaming\GameConsole

[2010/08/25 23:35:57 | 000,000,000 | ---D | M] -- C:\Users\Alannah\AppData\Roaming\PlayFirst

[2010/12/30 15:12:11 | 000,000,000 | ---D | M] -- C:\Users\Alannah\AppData\Roaming\Template

[2010/08/25 11:20:54 | 000,000,000 | ---D | M] -- C:\Users\Alannah\AppData\Roaming\ViquaSoft

[2011/05/09 17:44:43 | 000,000,000 | ---D | M] -- C:\Users\Alannah\AppData\Roaming\Windows Live Writer

[2011/11/14 20:56:04 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1083190406-3403072553-44478306-1001Core.job

[2011/11/20 11:56:17 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1083190406-3403072553-44478306-1001UA.job

[2011/09/05 21:17:30 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2009/11/03 01:01:15 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2011/11/20 12:15:37 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys

[2011/06/23 19:06:43 | 000,230,432 | ---- | M] () -- C:\PA7302.DAT

[2011/11/20 12:15:38 | 2146,435,072 | -HS- | M] () -- C:\pagefile.sys

[2009/11/03 01:12:49 | 000,002,051 | ---- | M] () -- C:\RHDSetup.log

[2011/11/12 22:05:48 | 000,000,361 | ---- | M] () -- C:\rkill.log

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

 

< %PROGRAMFILES%\* >

[2009/07/14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 12:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 12:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 12:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 12:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2010/11/20 12:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/14 01:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/14 01:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/14 01:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 12:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2010/11/20 12:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:4D066AD2

@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838

@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:ABE89FFE

@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:444C53BA

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:4CF61E54

< End of report >

 

 

 

OTL Extras logfile created on: 20/11/2011 12:26:07 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alannah\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

2.75 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 60.12% Memory free

4.74 Gb Paging File | 3.24 Gb Available in Paging File | 68.25% Paging File free

Paging file location(s): c:\pagefile.sys 2047 2047 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 220.78 Gb Total Space | 165.44 Gb Free Space | 74.93% Space Free | Partition Type: NTFS

 

Computer Name: ALANNAH-PC | User Name: Alannah | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

========== Authorized Applications List ==========

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support

"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour

"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client

"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{ACCA82EB-7088-919E-5E1C-100A24F11CCF}" = ATI Catalyst Install Manager

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{E2FCA441-6D7B-CD78-3ADF-42EA9FA06065}" = ccc-utility64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"SynTPDeinstKey" = Synaptics Pointing Device Driver

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{183F0908-AD5E-8B3B-5F06-28B1A8C65C62}" = CCC Help Japanese

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{23E9588B-05ED-BC2F-EB69-101A96511EF1}" = ccc-core-static

"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"{2484D1EA-CBA4-60BB-82B9-F8477D25C47A}" = CCC Help Dutch

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{29802D65-9514-DB20-36CD-E47A94C8AEB9}" = Catalyst Control Center Graphics Full Existing

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2F61E9D7-CD05-643E-A04E-CC1A8B6610BA}" = CCC Help Finnish

"{2FA3CDD8-1436-497D-6339-789936561E99}" = CCC Help German

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34123E80-BE96-6282-1167-6696730AF6D2}" = CCC Help Korean

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3D20EF26-2E9A-D388-851D-E7675BBACFF5}" = Catalyst Control Center Core Implementation

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{4024F49B-65D4-D6B2-2A1D-6DBF6F09F181}" = CCC Help Greek

"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer

"{49A63237-FD38-AE77-6DF6-FFB41499A4E6}" = CCC Help Hungarian

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4F0FC827-B693-F166-612E-EA89D798540C}" = CCC Help Chinese Traditional

"{52FBF90E-D2EF-A2A3-1CCA-6984596B1B02}" = CCC Help English

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{628CBFE4-3823-67FB-26D2-566899C3BB5C}" = CCC Help Italian

"{63F26DAE-CB0D-98B6-3019-D4FC3D0DD203}" = Catalyst Control Center InstallProxy

"{652EB559-6865-DEF4-2409-D506963C15FD}" = CCC Help Polish

"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker

"{68987945-A387-4C25-0C59-21F2AF657E65}" = CCC Help Thai

"{6B45E33B-6BB4-234B-2F5F-65B1A103801D}" = CCC Help Russian

"{6B99737C-9FDC-50F9-C9A4-AB7DA5C9A336}" = Catalyst Control Center Graphics Full New

"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7BE74C0E-F300-D0A6-780B-C93BB78DE58C}" = CCC Help Norwegian

"{7E75ACC5-B0EC-7006-183A-374974019911}" = Catalyst Control Center Graphics Light

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{97124B44-C17B-C352-44B1-403D0D706173}" = CCC Help Czech

"{9ACA8261-11D1-F8A1-C154-7F8B23515C79}" = CCC Help Swedish

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = CANYON USB PC CAMERA

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9574A7E-C024-EED1-7A81-CC4786A1915A}" = CCC Help Portuguese

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA32D2A6-1299-0F05-BF8D-04075A9F69EB}" = CCC Help Turkish

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{BCC05B1F-7397-799A-9EDB-AC10123BB17A}" = CCC Help Chinese Standard

"{BEF4FD8A-29FF-C250-468A-5FC55F0E3451}" = Catalyst Control Center Localization All

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CF7A62B6-F712-412E-9914-D80033A7F8B8}" = Catalyst Control Center - Branding

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D41301F8-90FD-9CE8-CD2C-ED2B9D5F07E3}" = CCC Help Spanish

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D43AD08C-BE76-8C5B-FD90-4B665EF60E2E}" = CCC Help Danish

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DA4CA661-5ABF-9218-6E42-84BF89F43655}" = CCC Help French

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide

"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer

"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"F-Secure Product 444" = TalkTalk Security

"Google Chrome" = Google Chrome

"GridVista" = Acer GridVista

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Identity Card" = Identity Card

"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23

"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"LManager" = Launch Manager

"LogMeIn Hamachi" = LogMeIn Hamachi

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Pharaoh" = Pharaoh

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 20/10/2011 12:10:28 | Computer Name = Alannah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 20/10/2011 13:00:58 | Computer Name = Alannah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 20/10/2011 13:10:56 | Computer Name = Alannah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 20/10/2011 13:46:07 | Computer Name = Alannah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 20/10/2011 14:02:55 | Computer Name = Alannah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 20/10/2011 14:08:25 | Computer Name = Alannah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 20/10/2011 16:08:59 | Computer Name = Alannah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 20/10/2011 16:11:31 | Computer Name = Alannah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 20/10/2011 17:12:41 | Computer Name = Alannah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 28/10/2011 10:17:43 | Computer Name = Alannah-PC | Source = Bonjour Service | ID = 100

Description = WSARecvMsg failed (10022)

 

[ System Events ]

Error - 20/11/2011 08:15:42 | Computer Name = Alannah-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

 

Error - 20/11/2011 08:15:42 | Computer Name = Alannah-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 20/11/2011 08:16:13 | Computer Name = Alannah-PC | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

 

Error - 20/11/2011 08:21:51 | Computer Name = Alannah-PC | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

 

Error - 20/11/2011 08:29:35 | Computer Name = Alannah-PC | Source = F-Secure Gatekeeper | ID = 327681

Description =

 

Error - 20/11/2011 08:29:35 | Computer Name = Alannah-PC | Source = F-Secure Gatekeeper | ID = 327681

Description =

 

Error - 20/11/2011 08:30:04 | Computer Name = Alannah-PC | Source = F-Secure Gatekeeper | ID = 327681

Description =

 

Error - 20/11/2011 08:30:59 | Computer Name = Alannah-PC | Source = F-Secure Gatekeeper | ID = 327681

Description =

 

Error - 20/11/2011 08:31:12 | Computer Name = Alannah-PC | Source = F-Secure Gatekeeper | ID = 327681

Description =

 

Error - 20/11/2011 08:31:13 | Computer Name = Alannah-PC | Source = F-Secure Gatekeeper | ID = 327681

Description =

 

 

< End of report >

 

 

 

Hope you can help,

 

Thanks

scans.doc


Posted

Hi Little Gem

 

I downloaded and re run Malwarebytes from your link and updated it, but it froze on the same file.

If everything seems to be stopping on this file, then the first course of action would be to delete it.

The MBAM pic was too small to see the full file name.

 

c:\Windows\SoftwareDistribution\Downloads is where the automatic updates store the updates before installing them.

So these files can be removed.

It would be best to turn off the automatic updates before removing the file though.

Just in case some updates are being installed at the same time.

 

So just navigate to:

c:\Windows\SoftwareDistribution\Downloads

open that folder and then look for the offending file.

Right click on it and select delete.

After the file has been deleted, empty your recycle bin.

 

I've attached a copy of the Microsoft Safety Scanner I did a couple of days ago which froze on the same file.

Was this just the stand alone scanner or the full Microsoft Security Essentials program?

If it's the full program you may have conflicts with your Talk Talk Security.

Talk Talk Security uses F-Secure Internet Security

 

Take a look here, it's not rated very well.

http://www.zdnet.co.uk/news/security-management/2011/05/11/expert-questions-talktalks-homesafe-service-40092742/

 

It is not recommended that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.

2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

So if you have 2 Anti Virus programs installed..... one needs to be removed.

 

After you remove the offending file, try running MBAM again.

If it still doesn't run, try running it in safe mode.

 

To Reboot in to 'Safe Mode'

 

Restart your computer.

 

When the computer starts you will see your computer's hardware being listed. When you see this information start to gently tap the F8 key repeatedly until you are presented with the Advanced Boot Options.

Select the Safe Mode option using the arrow keys.

Then press the enter key on your keyboard to boot into Safe Mode.

When Windows starts you will be at a typical logon screen. Logon to your computer and enter Safe mode.

 

Let me know how things go.

Member of:

UNITE
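Added example, not part of the thread and not OTL's own code: a small parser for the "Last 10 Event Log Errors" section of the log in the first post, which groups repeated errors and lists the days on which more than one anti-virus event source logged errors, the situation the reply above describes. The function names and the `AV_SOURCES` set are assumptions made for this illustration; the sample lines are header lines excerpted from that log.

```python
import re
from collections import Counter

# Header line of each entry in OTL's "Last 10 Event Log Errors" section.
HEADER = re.compile(
    r"^Error - (?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>[^|]+?) \| Source = (?P<source>[^|]+?) \| "
    r"ID = (?P<id>\d+)$"
)
# Assumption: these two event sources are the resident anti-virus products.
AV_SOURCES = {"Microsoft Antimalware", "F-Secure Gatekeeper"}

# Header lines excerpted from the log in the first post (descriptions omitted).
SAMPLE = """\
Error - 20/10/2011 12:10:28 | Computer Name = Alannah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Error - 20/10/2011 13:00:58 | Computer Name = Alannah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Error - 20/10/2011 13:10:56 | Computer Name = Alannah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Error - 28/10/2011 10:17:43 | Computer Name = Alannah-PC | Source = Bonjour Service | ID = 100
Error - 20/11/2011 08:16:13 | Computer Name = Alannah-PC | Source = Microsoft Antimalware | ID = 3002
Error - 20/11/2011 08:21:51 | Computer Name = Alannah-PC | Source = Disk | ID = 262155
Error - 20/11/2011 08:29:35 | Computer Name = Alannah-PC | Source = F-Secure Gatekeeper | ID = 327681
Error - 20/11/2011 08:29:35 | Computer Name = Alannah-PC | Source = F-Secure Gatekeeper | ID = 327681
Error - 20/11/2011 08:30:04 | Computer Name = Alannah-PC | Source = F-Secure Gatekeeper | ID = 327681
"""

def parse_events(text):
    """Return one dict per event header line; description lines are skipped."""
    matches = (HEADER.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def summarise(events):
    """Count events per (source, id), most frequent first."""
    return Counter((e["source"], e["id"]) for e in events).most_common()

def overlapping_av_days(events):
    """Dates on which more than one anti-virus source logged an error."""
    days = {}
    for e in events:
        if e["source"] in AV_SOURCES:
            days.setdefault(e["date"], set()).add(e["source"])
    return sorted(day for day, sources in days.items() if len(sources) > 1)

if __name__ == "__main__":
    events = parse_events(SAMPLE)
    for (source, event_id), count in summarise(events):
        print(f"{count:3d}  {source} (ID {event_id})")
    print("Days with errors from more than one AV source:", overlapping_av_days(events))
```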

Posted

Hi Starbuck

 

Done everything you said. Ran Microsoft Security Essentials and found one medium risk file. Deleted it and everything seems good so far. I'll run it for a few days and see if it has fixed it completely. If not, I hope I can come back to you.

 

Thanks for your help

Posted

Hi Little Gem

 

Done everything you said.

Did the file delete ok?

Did you remove the Talk Talk Security?

Have you managed to run MBAM?

 

If not, I hope I can come back to you.

Of course, any time. (always reply in the post and I'll receive a notification )

Member of:

UNITE
