borojamie Posted September 27, 2010 Posted September 27, 2010 Hi, I was wondering if someone could advise, I think I have some gremlins bouncing around my PC. McAfee, Malwarebytes and Defender picked up something about a week ago appeared to get rid of it although since then a few things are playing up. My laptop is definately slower running. However the most distinguishing gremlin is that when i log in to windows live messenger it loads up then closes all windows. The icon remains in my running programmes (near clock) until i go to click on it when it disappears totally. I have tried re-downloading windows live programmes and messenger, restoring my system (all points prior to last week have disappeared), downloading a windows patch for live messenger and tweaking firewall, internet privacy and security options all to no avail. OTher than that everything seems to be working fine albeit slower that I'd envisage, My OS is XP Pro. Any guidance you can give would be gratefully appreciated Thanks Jamie Quote
Dalo Harkin Posted September 28, 2010 Posted September 28, 2010 Mcafee is often bundled with a PC (not a program I would recommend) and can be very obtrusive. (maybe something Intel will look into now they have 'procured' Mcafee) If you ran MB and it says that there is nothing on your system then I would trust that over a Mcafee scan. Have you looked in msconfig to check that messenger is listed under the start up programs? open a cmd (command) window and type msconfig and hit enter, it will bring up the msconfig window and on the top right there is a tab called startup there will be lots of boxes with and without ticks in them, expand the bar so that you can see what the program is (unticked ones appear at the bottom of the list) only untick any if you are 100% sure you dont need them at startup and this will also decrease the boot time into the OS :) If you need any further help with this then let us know Quote Intel Q6600 @ 4Ghz (Watercooled)Asus P5K premium black pearl4GB OCZ Reaper 8500260GTX Join Free PC Help - Register here Donations are welcome - here PC Build We are all members helping other members.Please return here where you may be able to help someone else.After all, no one knows everything and you may have the answer that someone needs.
borojamie Posted September 28, 2010 Author Posted September 28, 2010 Hi Dalo, Thanks for your help mate, unfortunatley messenger is checked, i have had a look at the other programmes and there isnt a lot there, altho one line is completely empty except the path in the location??? Unfortunately messenger still doesnt work :-( Quote
ExTS Admin Starbuck Posted September 28, 2010 ExTS Admin Posted September 28, 2010 Hi Jamie, Nice to see you again. Let's take a closer look and see if anything shows up. Step 1 Download TFC by OldTimer to your desktop Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). It will close all programs when run, so make sure you have saved all your work before you begin. Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion. Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean. Step 2 Download OTL to your desktop. if you have problems, try this download link: OTL Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. . http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png Now copy the lines in the codebox below. netsvcs msconfig %SYSTEMDRIVE%\*.exe /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys symmpi.sys adp3132.sys /md5stop %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles CREATERESTOREPOINT right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png . Click the Run Scan button. http://img.photobucket.com/albums/v708/starbuck50/runscan.png Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. In your next reply, please submit: Both reports from OTL Thanks. Quote Member of:UNITE
borojamie Posted September 28, 2010 Author Posted September 28, 2010 Hi Starbuck, Hope everything is going well, thanks for coming to my rescue once again Please see below from extras.txt OTL Extras logfile created on: 28/09/2010 18:27:45 - Run 1 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\jamie panico\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1,022.00 Mb Total Physical Memory | 416.00 Mb Available Physical Memory | 41.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 53.21 Gb Total Space | 11.89 Gb Free Space | 22.34% Space Free | Partition Type: NTFS Drive D: | 53.69 Gb Total Space | 36.59 Gb Free Space | 68.15% Space Free | Partition Type: FAT32 Drive E: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: FBP Current User Name: jamie panico Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\itunes\iTunes.exe" = D:\itunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Disabled:KTF MUSIC AoD Server -- (PeeringPortal) "C:\Documents and Settings\jamie panico\My Documents\samsung\npsasvr.exe" = C:\Documents and Settings\jamie panico\My Documents\samsung\npsasvr.exe:*:Disabled:KTF MUSIC AoD Server -- File not found "C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Disabled:KTF MUSIC VoD Server -- (PeeringPortal) "C:\Documents and Settings\jamie panico\My Documents\samsung\npsvsvr.exe" = C:\Documents and Settings\jamie panico\My Documents\samsung\npsvsvr.exe:*:Disabled:KTF MUSIC VoD Server -- File not found "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Disabled:McAfee Shared Service Host -- (McAfee, Inc.) "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth II "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = The Battle for Middle-earth "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4DA416AE-6D1C-40D6-BCA3-A65A59DD60FC}" = Acer eDataSecurity Management "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1 "{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management "{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}" = Acer OrbiCam Software "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari "{B06B842F-2450-494F-BBDE-217CDC151A37}" = NTI Backup NOW! 4.5 "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = The Lord of the Rings, The Rise of the Witch-king "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver "{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver "{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety "{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management "{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management "{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.26 "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) "AcerOrbiCamDrv" = Acer OrbiCam Driver "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025007F" = HDAUDIO Soft Data Fax Modem with SmartCP "ePresentation" = Acer ePresentation Management "GridVista" = Acer GridVista "ie8" = Windows Internet Explorer 8 "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework "InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management "InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.8.3 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSC" = McAfee Internet Security "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = Intel® PROSet/Wireless Software "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "SynTPDeinstKey" = Synaptics Pointing Device Driver "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 27/09/2010 20:52:06 | Computer Name = FBP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1212406 Error - 28/09/2010 02:50:42 | Computer Name = FBP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 28/09/2010 02:50:42 | Computer Name = FBP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4000 Error - 28/09/2010 02:50:42 | Computer Name = FBP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4000 Error - 28/09/2010 03:11:18 | Computer Name = FBP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 28/09/2010 03:11:18 | Computer Name = FBP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3922 Error - 28/09/2010 03:11:18 | Computer Name = FBP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3922 Error - 28/09/2010 12:44:49 | Computer Name = FBP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 28/09/2010 12:44:49 | Computer Name = FBP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2125 Error - 28/09/2010 12:44:49 | Computer Name = FBP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2125 [ System Events ] Error - 28/09/2010 13:19:03 | Computer Name = FBP | Source = Service Control Manager | ID = 7034 Description = The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s). Error - 28/09/2010 13:19:03 | Computer Name = FBP | Source = Service Control Manager | ID = 7034 Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s). Error - 28/09/2010 13:19:07 | Computer Name = FBP | Source = Service Control Manager | ID = 7034 Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s). Error - 28/09/2010 13:19:07 | Computer Name = FBP | Source = Service Control Manager | ID = 7031 Description = The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 28/09/2010 13:19:07 | Computer Name = FBP | Source = Service Control Manager | ID = 7031 Description = The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 28/09/2010 13:19:07 | Computer Name = FBP | Source = Service Control Manager | ID = 7031 Description = The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 28/09/2010 13:19:07 | Computer Name = FBP | Source = Service Control Manager | ID = 7031 Description = The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 28/09/2010 13:19:07 | Computer Name = FBP | Source = Service Control Manager | ID = 7031 Description = The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 28/09/2010 13:19:07 | Computer Name = FBP | Source = Service Control Manager | ID = 7031 Description = The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 28/09/2010 13:20:01 | Computer Name = FBP | Source = Service Control Manager | ID = 7034 Description = The McAfee Validation Trust Protection Service service terminated unexpectedly. It has done this 1 time(s). < End of report > Quote
borojamie Posted September 28, 2010 Author Posted September 28, 2010 Please find attached text from OTL.txt thanks for your help mate OTL logfile created on: 28/09/2010 18:27:42 - Run 1 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\jamie panico\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1,022.00 Mb Total Physical Memory | 416.00 Mb Available Physical Memory | 41.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 53.21 Gb Total Space | 11.89 Gb Free Space | 22.34% Space Free | Partition Type: NTFS Drive D: | 53.69 Gb Total Space | 36.59 Gb Free Space | 68.15% Space Free | Partition Type: FAT32 Drive E: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: FBP Current User Name: jamie panico Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\jamie panico\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Documents and Settings\jamie panico\Local Settings\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.) PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.) PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files\Acer\OrbiCam\CameraAssistant.exe (Acer) PRC - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech) PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech) PRC - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.) PRC - C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.) PRC - C:\WINDOWS\system32\ElkCtrl.exe (Logitech Inc.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\jamie panico\Desktop\OTL.exe (OldTimer Tools) MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech) MOD - C:\WINDOWS\system32\sysenv.dll (HiTRUST) MOD - C:\WINDOWS\system32\MSNChatHook.dll () MOD - C:\WINDOWS\system32\MFC71u.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\MFC71ENU.DLL (Microsoft Corporation) MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McOobeSv) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) SRV - (LVPrcSrv) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech) SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (AWService) -- C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.) ========== Driver Services (SafeList) ========== DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.) DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.) DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.) DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.) DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.) DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation) DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys () DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.) DRV - (lvmvdrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys () DRV - (LVPrcMon) -- C:\WINDOWS\system32\drivers\LVPrcMon.sys () DRV - (lv321av) Logitech USB PC Camera (VC0321) -- C:\WINDOWS\system32\drivers\lv321av.sys (Logitech) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech) DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.) DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.) DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.) DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies) DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA) DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMSC) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies) DRV - (NdisFilt) -- C:\WINDOWS\system32\drivers\NdisFilt.sys (OSA Technologies) DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company) DRV - (NETMNT) -- C:\WINDOWS\system32\drivers\NETMNT.sys () DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows ® 2000 DDK provider) DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys () DRV - (UBHelper) -- C:\WINDOWS\System32\drivers\UBHelper.sys () DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Yahoo! UK & Ireland IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Free Online News, Sport, Music, Movies, Money, Cars and Windows Live from MSN UK IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 73 6C DE 6F D6 CA 01 [binary data] IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/09/23 17:49:20 | 000,000,000 | ---D | M] O1 HOSTS File: ([2004/08/10 21:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100923174159.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan) O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe (Acer) O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe (Acer) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\jamie panico\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\jamie panico\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/08/18 23:41:54 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/11/06 23:20:46 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ] O32 - AutoRun File - [2006/11/06 22:59:47 | 000,569,344 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2006/11/06 23:18:16 | 000,000,180 | R--- | M] () - E:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2006/10/29 03:39:19 | 000,880,640 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation) MsConfig - StartUpFolder: C:^Documents and Settings^jamie panico^Start Menu^Programs^Accessories^Startup^Seagate 2GHKJ3Y0 Product Registration.lnk - C:\Documents and Settings\jamie panico\Application Data\Leadertech\PowerRegister\Seagate 2GHKJ3Y0 Product Registration.exe - (Leader Technologies/Seagate) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - D:\itunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: NPSStartup - hkey= - key= - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point (17465059307421696) ========== Files/Folders - Created Within 30 Days ========== [2010/09/28 18:25:35 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jamie panico\Desktop\OTL.exe [2010/09/28 18:13:20 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jamie panico\Desktop\TFC.exe [2010/09/28 17:24:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010/09/27 21:49:35 | 000,000,000 | ---D | C] -- C:\Config.Msi [2010/09/25 12:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jamie panico\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files [2010/09/24 23:50:30 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [2010/09/24 23:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender [2010/09/24 17:44:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server [2010/09/23 17:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2010/09/23 17:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2010/09/23 17:41:57 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys [2010/09/23 17:41:52 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe [2010/09/23 17:41:49 | 000,312,904 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys [2010/09/23 17:41:49 | 000,152,992 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys [2010/09/23 17:41:49 | 000,088,544 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys [2010/09/23 17:41:49 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys [2010/09/23 17:41:49 | 000,084,072 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys [2010/09/23 17:41:49 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys [2010/09/23 17:41:49 | 000,052,104 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys [2010/09/23 17:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com [2010/09/23 17:22:18 | 000,095,600 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys [2010/09/23 17:22:17 | 000,386,712 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys [2010/09/06 23:04:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jamie panico\Application Data\Media Player Classic [2010/09/06 21:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles ========== Files - Modified Within 30 Days ========== [2010/09/28 18:26:05 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2010/09/28 18:25:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jamie panico\Desktop\OTL.exe [2010/09/28 18:24:00 | 000,000,644 | ---- | M] () -- C:\WINDOWS\win.ini [2010/09/28 18:23:37 | 000,000,450 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini [2010/09/28 18:23:09 | 000,001,599 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk [2010/09/28 18:22:47 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010/09/28 18:22:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/09/28 18:22:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/09/28 18:22:30 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys [2010/09/28 18:20:43 | 006,438,912 | ---- | M] () -- C:\Documents and Settings\jamie panico\ntuser.dat [2010/09/28 18:20:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\jamie panico\ntuser.ini [2010/09/28 18:13:28 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jamie panico\Desktop\TFC.exe [2010/09/28 17:27:26 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/09/28 17:27:26 | 000,000,209 | RHS- | M] () -- C:\boot.ini [2010/09/28 16:43:08 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7CCC4F8B-1DE7-451A-B5F3-48DBC9FF26D9}.job [2010/09/27 22:32:03 | 000,041,512 | ---- | M] () -- C:\Documents and Settings\jamie panico\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/09/27 22:29:22 | 000,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/09/27 21:54:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/09/27 17:51:43 | 000,086,961 | ---- | M] () -- C:\Documents and Settings\jamie panico\Desktop\untitled.JPG [2010/09/27 17:50:58 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\jamie panico\Desktop\Document1.doc [2010/09/25 00:37:40 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\jamie panico\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/09/24 22:44:30 | 000,846,294 | ---- | M] () -- C:\Documents and Settings\jamie panico\Desktop\failbook.bmp [2010/09/19 18:18:14 | 000,002,131 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Lord of the Rings, The Rise of the Witch-king.lnk [2010/09/16 19:35:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/09/05 22:01:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jamie panico\My Documents\PDVD_MediaDisc.PlayList ========== Files Created - No Company Name ========== [2010/09/27 21:46:57 | 006,438,912 | ---- | C] () -- C:\Documents and Settings\jamie panico\ntuser.dat [2010/09/27 17:51:42 | 000,086,961 | ---- | C] () -- C:\Documents and Settings\jamie panico\Desktop\untitled.JPG [2010/09/27 17:50:56 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\jamie panico\Desktop\Document1.doc [2010/09/24 23:52:41 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2010/09/24 22:44:29 | 000,846,294 | ---- | C] () -- C:\Documents and Settings\jamie panico\Desktop\failbook.bmp [2010/09/24 21:39:31 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk [2010/09/19 18:18:14 | 000,002,131 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Lord of the Rings, The Rise of the Witch-king.lnk [2010/09/05 22:01:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jamie panico\My Documents\PDVD_MediaDisc.PlayList [2010/09/01 11:53:53 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\jamie panico\My Documents\200club.doc [2010/04/26 22:40:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010/03/22 17:50:02 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2010/03/22 17:50:02 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2010/03/22 17:49:53 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\jamie panico\Application Data\$_hpcst$.hpc [2010/03/17 17:15:14 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010/03/17 17:15:13 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010/03/17 17:15:11 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010/03/17 17:15:11 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010/03/17 17:15:10 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2010/03/17 17:15:08 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010/03/17 17:15:07 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010/03/16 17:20:16 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\jamie panico\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/03/12 11:11:46 | 000,000,450 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini [2010/03/12 11:08:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll [2010/03/12 11:08:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll [2010/03/12 11:08:28 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll [2010/03/12 11:08:27 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll [2010/03/12 11:08:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll [2010/03/12 11:07:26 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini [2010/03/12 11:04:16 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2010/03/12 10:59:17 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\jamie panico\Local Settings\Application Data\fusioncache.dat [2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2006/08/19 09:21:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/08/18 23:42:20 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll [2006/08/18 23:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2006/08/18 23:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll [2006/08/18 23:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll [2006/08/18 23:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll [2006/06/23 11:40:58 | 002,400,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys [2006/06/23 11:40:58 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys [2006/06/19 12:59:24 | 000,013,227 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2006/06/16 20:17:32 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll [2006/06/12 17:11:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006/06/12 17:11:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006/06/12 17:11:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006/06/12 17:11:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006/06/12 17:11:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2005/12/14 21:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini [2005/10/31 19:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2005/10/26 15:59:46 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/05/02 13:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys [2005/03/28 16:45:26 | 000,000,081 | ---- | C] () -- C:\WINDOWS\ALaunch.ini [2004/12/17 18:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys [2004/08/10 21:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2003/12/29 21:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll [2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll [1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll [1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll ========== LOP Check ========== [2006/08/18 23:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer [2010/03/22 17:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2010/04/07 18:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2006/08/18 23:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jamie panico\Application Data\Acer [2010/04/07 13:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jamie panico\Application Data\Leadertech [2010/03/21 02:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jamie panico\Application Data\MSNInstaller [2010/06/05 23:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jamie panico\Application Data\My Battle for Middle-earth Files [2010/09/19 17:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jamie panico\Application Data\My Battle for Middle-earth II Files [2010/09/27 22:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jamie panico\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files [2010/03/22 17:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jamie panico\Application Data\PC Suite [2010/06/26 19:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jamie panico\Application Data\Samsung [2010/09/28 18:26:05 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2010/09/28 16:43:08 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7CCC4F8B-1DE7-451A-B5F3-48DBC9FF26D9}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004/08/10 21:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys [2010/03/16 16:27:39 | 023,852,652 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys [2004/08/10 21:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2010/03/16 16:27:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2004/08/10 21:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys [2010/03/16 16:27:39 | 023,852,652 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys [2004/08/10 21:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2010/03/16 16:27:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/10 21:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004/08/10 21:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 01:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/14 01:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll [2004/08/10 21:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008/04/14 01:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/14 01:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll [2009/02/06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009/02/06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll [2009/02/06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009/02/06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtUninstallKB975467_1$\netlogon.dll [2004/08/10 21:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389_1$\netlogon.dll < MD5 for: SCECLI.DLL > [2004/08/10 21:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008/04/14 01:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/14 01:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008/04/14 01:11:52 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll [2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll [2009/03/08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < End of report > Quote
ExTS Admin Starbuck Posted September 28, 2010 ExTS Admin Posted September 28, 2010 Hi Jamie, I'm well thanks. McAfee, Malwarebytes and Defender picked up something about a week ago appeared to get rid of it Can you remember what was found? If MBAM found anything you should be able to retrieve the log report: Start Malwarebytes AntiMalware. Click on the logs tab. The logs are date stamped ... double click on the log that showed the infection items. It'll open in notepad. There's not really much showing that's out of the ordinary.... just some orphan entries. We'll get rid of those and do a general cleanup then we'll try a deeper scan. Step 1 Double click on OTL.exe to run it. Copy the lines in the codebox below. (make sure that :Otl is on the first line ) :Otl IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O4 - HKLM..\Run: [] File not found O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) [2010/09/25 00:37:40 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\jamie panico\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini :commands [emptytemp] [purity] [RESETHOSTS] [EMPTYFLASH] Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png Click the red Run Fix button. http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log. Copy and paste the contents of the OTL log that comes up after the fix in your next reply. if you lose the report, there will be a copy here: C:\_OTL\MovedFiles Step 2 As you are running McAfee, please read the note at the bottom: McAfee and Combofix don't like eachother lol. Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop. Link 1 Link 2 http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif This is an example, you may rename ComboFix to anything you want. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix. For more information read: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs Then: Double click on Combo-Fix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. If running Vista, you may not see this screen Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. http://img.photobucket.com/albums/v708/starbuck50/cf1.png Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: http://img.photobucket.com/albums/v706/ried7/whatnext.png Click on Yes, to continue scanning for malware. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. NOTE: McAfee can be awkward to disable. To disable your McAfee security programs please refer to the clip below. http://img.photobucket.com/albums/v666/sUBs/mcafee_disable.gif Please don't forget to retrace the steps to re-enable McAfee after running the scan. In your next reply, please submit: Otl fix report Combofix.txt and the MBAM report that showed the earlier removed infections, if it's still there. Thanks. Quote Member of:UNITE
borojamie Posted September 28, 2010 Author Posted September 28, 2010 cool going well for the swans tnight too :-) cant believe we are now 3-1 down :-( PSA the log from mbam as requested Malwarebytes' Anti-Malware 1.46 Malwarebytes Database version: 4684 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 24/09/2010 17:38:28 mbam-log-2010-09-24 (17-38-28).txt Scan type: Quick scan Objects scanned: 147314 Time elapsed: 18 minute(s), 26 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Quote
borojamie Posted September 28, 2010 Author Posted September 28, 2010 the otl log worked mate, thanks All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\WINDOWS\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. C:\Documents and Settings\jamie panico\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: jamie panico ->Temp folder emptied: 2590145 bytes ->Temporary Internet Files folder emptied: 22398714 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 14462 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: NetworkService ->Temp folder emptied: 896 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 525096 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 24.00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYFLASH] User: Administrator User: All Users User: Default User User: jamie panico ->Flash cache emptied: 0 bytes User: LocalService ->Flash cache emptied: 0 bytes User: NetworkService Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.14.1 log created on 09282010_211114 Files\Folders moved on Reboot... C:\Documents and Settings\jamie panico\Local Settings\Temp\~DFB773.tmp moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temp\~DFC385.tmp moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\XOWB9B6H\ai[6].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\XOWB9B6H\facebook_com[1].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\XOWB9B6H\redirectiframe[1].html moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\KC31G40Z\10566-gremlins[1].html moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\KC31G40Z\adsCAPMFAMO.htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\KC31G40Z\ai[6].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\KC31G40Z\default[1].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\KC31G40Z\InboxLight[2].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\KC31G40Z\LocalStorage[1].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\KC31G40Z\xmlProxy[2].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\JO1794H2\11[2].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\JO1794H2\ads[8].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\JO1794H2\Messenger[1].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\JO1794H2\xmlProxy[1].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\GS3L1CA0\01[1].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\Content.IE5\GS3L1CA0\****onthemakems[1].htm moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. C:\Documents and Settings\jamie panico\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully. File\Folder C:\WINDOWS\temp\TMP000000133E67D11AA1ADC428 not found! Registry entries deleted on Reboot... Quote
ExTS Admin Starbuck Posted September 28, 2010 ExTS Admin Posted September 28, 2010 cool going well for the swans tnight too :-) Yep, 0 - 3 away at Watford is a nice result. and Cardiff can only manage a draw :p Thanks for the MBAM report. There was no indication of AntivirSolution in the OTL reports. Let's see if CF can find any leftovers. Quote Member of:UNITE
borojamie Posted September 28, 2010 Author Posted September 28, 2010 Hi Starbuck, held on in the end :-) much better than our dismal display. Combofix looks like it had changed a lot since last time we used it, it followed the basic steps through and downloaded the recovery console however all other action happend in a ms dos bluescreen eventually rebooting my computer stating a fatal error occurred code: BCCode : 19 BCP1 : 00000020 BCP2 : 854EAAD0 BCP3 : 854EAEE8 BCP4 : 1A830014 OSVer : 5_1_2600 SP : 3_0 Product : 256_1 I can confirm that mcafee virus scan and firewall were switched off. I have double checked this against security in control panel. I will try and run combofix again... Quote
ExTS Admin Starbuck Posted September 28, 2010 ExTS Admin Posted September 28, 2010 Combofix should still work and run the same as last time. If you do have problems running it in normal mode, try running it in safe mode. Quote Member of:UNITE
borojamie Posted September 28, 2010 Author Posted September 28, 2010 Hi Starbuck no luck with the second run of combofix however the first question it asked was do i want to keep visage on, then continued to re-boot my pc and give the same error code as above :-( Jamie Quote
borojamie Posted September 28, 2010 Author Posted September 28, 2010 Hi mate, I have run CF again in safe mode and it appeared to work deleteing files program files\winpcap\daemon_mgm.exe program files\winpcap\nfp_mgm.exe program files\winpcap\rpcapd.exe windows\system32\drivers\npf.sys windows\system32\packet.dll windows\system32\pthreadvc.dll windows\system32\wanpacket.dll windows\system32\wpcap.dll deleting folder program files\winPcap. It then reboots my laptop and says writing combo-fix log then tells me the filepath. Then my PC freezes appears to blue screen crash then reboots offering the same error code as above. :-( Thanks for your time and help mate Jamie Quote
ExTS Admin Starbuck Posted September 28, 2010 ExTS Admin Posted September 28, 2010 Hi Jamie, Is there a report at the following location: C:\ComboFix.txt Quote Member of:UNITE
borojamie Posted September 29, 2010 Author Posted September 29, 2010 hi Starbuck, Sorry there isnt a file. I've checked for hidden and even thru command prompt - nothing. Windows updates has started dowloading some new updates so i will re-run combofix once these have been installed. Perhaps it was a gliche MS were expecting... Thanks for your help Jamie Quote
borojamie Posted September 29, 2010 Author Posted September 29, 2010 Hi Starbuck, unfortunately no luck with combi-fix Jamie Quote
ExTS Admin Starbuck Posted September 30, 2010 ExTS Admin Posted September 30, 2010 Hi Jamie, Let's have a check and see if there's anything on the system that may be trying to stop CF. Step 1 MBAM has been updated 38 times since your last scan report. Please update MBAM and run another scan: Start MBAM Click on the Update tab http://img.photobucket.com/albums/v708/starbuck50/mbam1.png Click Check for Updates http://img.photobucket.com/albums/v708/starbuck50/mbam2.png If it says that MBAM needs to close to update it... let it close and then restart. Then click the Scan button. Don't forget: When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". Click OK to close the message box and continue with the removal process. Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found. Make sure that everything is checked, and click Remove Selected. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below) The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply and exit MBAM.Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware. Step 2 I'd like you to do an ESET OnlineScan You may find it beneficial to close your resident AV program before running the scan. Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps) Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop. Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop. [*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png [*]Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button. [*]Accept any security warnings from your browser. [*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png [*]Click the Start button. [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. [*]When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png [*]Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. [*]Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button. [*]Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt In your next reply, please submit: MBAM scan report Eset scan report Thanks. Quote Member of:UNITE
borojamie Posted October 1, 2010 Author Posted October 1, 2010 Hi Starbuck, I've attached the eset log.txt below. Jamie SESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=e9d75b2925edd542bcd90591d2e08762 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2010-09-30 11:34:36 # local_time=2010-10-01 12:34:36 (+0000, GMT Daylight Time) # country="United Kingdom" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=5121 16777173 100 75 615981 14563603 0 0 # compatibility_mode=6143 16777215 0 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 1262 1262 0 0 # scanned=77229 # found=0 # cleaned=0 # scan_time=4966 Quote
borojamie Posted October 1, 2010 Author Posted October 1, 2010 Here is the mbam report following the updates: Malwarebytes' Anti-Malware 1.46 Malwarebytes Database version: 4724 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 30/09/2010 22:25:30 mbam-log-2010-09-30 (22-25-30).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 217668 Time elapsed: 1 hour(s), 25 minute(s), 34 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Thanks Jamie Quote
ExTS Admin Starbuck Posted October 1, 2010 ExTS Admin Posted October 1, 2010 Hi Jamie, 2 nice clean reports. Are you still having problems with messenger? Is the system still running slow or has it improved? Quote Member of:UNITE
borojamie Posted October 3, 2010 Author Posted October 3, 2010 Hi Starbuck, Yeah unfortunately messenger still refuses to work. Ive removed programme and re-added to try and provoke a response but nothing :-S My internet (DSL maxBT internet - nr exchange Newcastle city centre) is extremely slow downloading music and films (utube) to screen often takes 2-3 times as long as the length of the clip :S Hope you had a good weekend Quote
RandyL Posted October 4, 2010 Posted October 4, 2010 All I have are some guesses but make sure you are done with the clean proccess first. Possibly firewall settings. The easiest way to check that is to temporarily turn off the firewall. Conflicting security programs. I see you have tried a few in the past. Only run 1 AV and 1 firewall at a time. If you have a Mcafee security suite and are running Windows Defender at the same time that is a possible problem per Mcafee. Uninstalling a messenger before reinstalling often works but on rare occasions you may have to delete the leftover program files before reinstalling. I always suggest making a restore point first. Which reminds me make sure System Restore is working. Like I said finish the clean with Starbuck before doing anything else. Quote We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.Get help with computer problems. Join Free PC Help here Donations are welcome. Read Here
ExTS Admin Starbuck Posted October 4, 2010 ExTS Admin Posted October 4, 2010 Hi Jamie, Make sure that 'Messenger' has been removed, then let me have a fresh set of reports from OTL. I'll check to see if there's any leftovers before you try to reinstall the program. Which reminds me make sure System Restore is working. Yes, SR is working. Otl set a new restore point when it ran: CREATERESTOREPOINT Restore point Set: OTL Restore Point (17465059307421696) Use these instructions to re-run OTL: Double click on OTL.exe to run it. Under Extra Registry section, select Use SafeList. Don't check the boxes beside 'LOP Check' and 'Purity Check' this time. Click on Run Scan at the top left hand corner. When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. Quote Member of:UNITE
borojamie Posted October 4, 2010 Author Posted October 4, 2010 Thanks Randy & Starbuck, I reset all internet explorer security and privacy settings which has now allowed messenger to work. However I have now removed messenger for the next OTL run. Ive taken off mcafee and defender for now but can always reinstall. I am avoiding most websites at the moment as i realise i am totally vunerable Having looked in my start up files there are a lot of bizarre entries i dont recognise altho this might be because im a xp biff lol The same in my add/remove programmes is there anyway i can cut & paste the text or just print screen so you could advise if any can be removed please? Im running OTL now so will post the responses soonest Thanks again for your help Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.