
Thread: suspected malware/spyware mouse hangs regularly, cpu @100% when it happens.

  1. #21
    Junior Member | Join Date: Jun 2009 | Location: Dublin Ireland | Posts: 16

    rooter scan report

    Rooter.exe (v1.0.2) by Eric_71
    .
    SeDebugPrivilege granted successfully ...
    .
    Windows XP . (5.1.2600) Service Pack 3
    [32_bits] - x86 Family 6 Model 8 Stepping 1, AuthenticAMD
    .
    [wscsvc] STOPPED (state:1) : Security Center -> Disabled !
    [SharedAccess] RUNNING (state:4)
    Windows Firewall -> Disabled !
    .
    Internet Explorer 8.0.6001.18702
    Mozilla Firefox 3.6.9 (en-US)
    .
    C:\ [Fixed-NTFS] .. ( Total:38 Go - Free:16 Go )
    D:\ [CD_Rom]
    E:\ [CD_Rom]
    U:\ [Fixed-NTFS] .. ( Total:38 Go - Free:36 Go )
    .
    Scan : 00:59.58
    Path : C:\Documents and Settings\Administrator\Desktop\Rooter.exe
    User : Administrator ( Administrator -> YES )
    .
    ----------------------\\ Processes
    .
    Locked [System Process] (0)
    ______ System (4)
    ______ \SystemRoot\System32\smss.exe (404)
    ______ \??\C:\WINDOWS\system32\csrss.exe (452)
    ______ \??\C:\WINDOWS\system32\winlogon.exe (476)
    ______ C:\WINDOWS\system32\services.exe (520)
    ______ C:\WINDOWS\system32\lsass.exe (540)
    ______ C:\WINDOWS\system32\svchost.exe (700)
    ______ C:\WINDOWS\system32\svchost.exe (760)
    ______ C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (800)
    ______ C:\WINDOWS\System32\svchost.exe (836)
    ______ C:\WINDOWS\system32\svchost.exe (920)
    ______ C:\WINDOWS\system32\svchost.exe (1020)
    ______ C:\WINDOWS\system32\svchost.exe (1088)
    ______ C:\Program Files\Tall Emu\Online Armor\oacat.exe (1192)
    ______ C:\Program Files\Tall Emu\Online Armor\oasrv.exe (1208)
    ______ C:\WINDOWS\system32\spoolsv.exe (1492)
    ______ C:\WINDOWS\system32\svchost.exe (1656)
    ______ C:\Program Files\Java\jre6\bin\jqs.exe (1896)
    ______ C:\WINDOWS\system32\HPZipm12.exe (2044)
    ______ C:\WINDOWS\system32\svchost.exe (240)
    ______ C:\WINDOWS\System32\alg.exe (1252)
    ______ C:\WINDOWS\Explorer.EXE (3220)
    ______ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (3724)
    ______ C:\WINDOWS\PixArt\PAC7302\Monitor.exe (3896)
    ______ C:\Program Files\Tall Emu\Online Armor\oaui.exe (4000)
    ______ C:\Program Files\Microsoft Security Essentials\msseces.exe (392)
    ______ C:\Program Files\Common Files\Java\Java Update\jusched.exe (1572)
    ______ C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (1036)
    ______ C:\Program Files\Tall Emu\Online Armor\OAhlp.exe (2256)
    ______ C:\WINDOWS\system32\ctfmon.exe (2208)
    ______ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (1752)
    ______ C:\Program Files\Micronet Wireless Network Utility\RtWlan.exe (2732)
    ______ C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (368)
    ______ C:\Program Files\Mozilla Firefox\firefox.exe (3888)
    ______ C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe (324)
    ______ C:\Documents and Settings\Administrator\Desktop\Rooter.exe (2776)
    .
    ----------------------\\ Device\Harddisk0\
    .
    \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
    .
    \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:41093466624)
    .
    ----------------------\\ Scheduled Tasks
    .
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\Tasks\desktop.ini
    C:\WINDOWS\Tasks\Disk Cleanup.job
    C:\WINDOWS\Tasks\Google Software Updater.job
    C:\WINDOWS\Tasks\MP Scheduled Scan.job
    C:\WINDOWS\Tasks\SA.DAT
    .
    ----------------------\\ Registry
    .
    .
    ----------------------\\ Files & Folders
    .
    ----------------------\\ Scan completed at 01:00.26
    .
    C:\Rooter$\Rooter_1.txt - (10/09/2010 | 01:00.26)

  2. #22

    OTL extras

    OTL Extras logfile created on: 9/10/2010 1:07:22 AM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 550.00 Mb Available Physical Memory | 54.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2500 3000U:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 38.27 Gb Total Space | 16.26 Gb Free Space | 42.48% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive U: | 38.28 Gb Total Space | 36.64 Gb Free Space | 95.71% Space Free | Partition Type: NTFS

    Computer Name: COMPSOC-HOME
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = SeaMonkeyHTML] -- C:\Program Files\SeaMonkey\seamonkey.exe (mozilla.org)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
    "C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1 -- (Sony Creative Software Inc.)
    "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
    "{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
    "{0096A731-71DB-4969-AF1A-651698B246A5}" = Sony Ericsson Media Manager 1.1
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 21
    "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
    "{6EA3A8A6-4B6B-4288-B8FB-3EB11A403ED3}" = Eye 312
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{868F24EB-5CA7-4285-B39B-3617CF37462A}" = D2300_Help
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext
    "{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B41F5ED6-4D67-4FAA-B787-D5DF1DD0EC80}" = Micronet Wireless Network Utility
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D297A783-A680-4FDB-8882-913EBA36ABC5}" = D2300
    "{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}" = HP Photosmart and Deskjet 7.0 Software
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
    "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "C-Media Audio Driver" = C-Media WDM Audio Driver
    "FinePix Genie_is1" = FUJIFILM MyFinePix Studio 1.0
    "Google Updater" = Google Updater
    "HijackThis" = HijackThis 2.0.2
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "OnlineArmor_is1" = Online Armor 4.0
    "PhotoScape" = PhotoScape
    "Picasa 3" = Picasa 3
    "SeaMonkey (2.0.7)" = SeaMonkey (2.0.7)
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/9/2010 7:31:40 AM | Computer Name = COMPSOC-HOME | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 9/9/2010 7:31:43 AM | Computer Name = COMPSOC-HOME | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 9/9/2010 1:20:37 PM | Computer Name = COMPSOC-HOME | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 9/9/2010 1:20:37 PM | Computer Name = COMPSOC-HOME | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 9/9/2010 3:30:19 PM | Computer Name = COMPSOC-HOME | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 9/9/2010 4:56:45 PM | Computer Name = COMPSOC-HOME | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 9/9/2010 4:56:50 PM | Computer Name = COMPSOC-HOME | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 9/9/2010 5:01:28 PM | Computer Name = COMPSOC-HOME | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 9/9/2010 5:24:44 PM | Computer Name = COMPSOC-HOME | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 9/9/2010 5:24:50 PM | Computer Name = COMPSOC-HOME | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    [ System Events ]
    Error - 9/9/2010 4:56:44 PM | Computer Name = COMPSOC-HOME | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain TRANQUILITY due to the
    following: %%1311. Make sure that the computer is connected to the network and try
    again.
    If the problem persists, please contact your domain administrator.

    Error - 9/9/2010 4:57:33 PM | Computer Name = COMPSOC-HOME | Source = Service Control Manager | ID = 7000
    Description = The Realtek EAPPkt Protocol service failed to start due to the following
    error: %%2

    Error - 9/9/2010 4:57:33 PM | Computer Name = COMPSOC-HOME | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 9/9/2010 5:01:28 PM | Computer Name = COMPSOC-HOME | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain TRANQUILITY due to the
    following: %%1311. Make sure that the computer is connected to the network and try
    again.
    If the problem persists, please contact your domain administrator.

    Error - 9/9/2010 5:02:52 PM | Computer Name = COMPSOC-HOME | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AmdK7 Fips MpFilter OADevice

    Error - 9/9/2010 5:06:14 PM | Computer Name = COMPSOC-HOME | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 9/9/2010 5:24:44 PM | Computer Name = COMPSOC-HOME | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain TRANQUILITY due to the
    following: %%1311. Make sure that the computer is connected to the network and try
    again.
    If the problem persists, please contact your domain administrator.

    Error - 9/9/2010 5:25:31 PM | Computer Name = COMPSOC-HOME | Source = Service Control Manager | ID = 7000
    Description = The Realtek EAPPkt Protocol service failed to start due to the following
    error: %%2

    Error - 9/9/2010 5:25:31 PM | Computer Name = COMPSOC-HOME | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 9/9/2010 5:34:06 PM | Computer Name = COMPSOC-HOME | Source = System Error | ID = 1003
    Description = Error code 0000004e, parameter1 00000007, parameter2 000062d7, parameter3
    00000002, parameter4 00000000.


    < End of report

  3. #23

    OTL txt

    I'm hitting the hay; have a pleasant evening, and thanks again for your help.

    OTL logfile created on: 9/10/2010 1:07:22 AM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 550.00 Mb Available Physical Memory | 54.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2500 3000U:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 38.27 Gb Total Space | 16.26 Gb Free Space | 42.48% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive U: | 38.28 Gb Total Space | 36.64 Gb Free Space | 95.71% Space Free | Partition Type: NTFS

    Computer Name: COMPSOC-HOME
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Tall Emu\Online Armor\oahlp.exe (Tall Emu)
    PRC - C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
    PRC - C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)
    PRC - C:\Program Files\Tall Emu\Online Armor\oacat.exe (Tall Emu)
    PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
    PRC - C:\WINDOWS\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
    PRC - C:\Program Files\Micronet Wireless Network Utility\RtWLan.exe (Realtek Semiconductor Corp.)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\Tall Emu\Online Armor\oawatch.dll (Tall Emu)
    MOD - C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (getPlus(R) Helper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe File not found
    SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
    SRV - (SvcOnlineArmor) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)
    SRV - (OAcat) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe (Tall Emu)
    SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


    ========== Driver Services (SafeList) ==========

    DRV - (USBModem) -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys File not found
    DRV - (UsbDiag) -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys File not found
    DRV - (usbbus) -- C:\WINDOWS\System32\DRIVERS\lgusbbus.sys File not found
    DRV - (RTL8187B) -- C:\WINDOWS\System32\DRIVERS\RTL8187B.sys File not found
    DRV - (EAPPkt) -- C:\WINDOWS\System32\DRIVERS\EAPPkt.sys File not found
    DRV - (cscm) -- C:\WINDOWS\System32\drivers\cyyw.sys File not found
    DRV - (catchme) -- C:\Combo-Fix\catchme.sys File not found
    DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
    DRV - (OAmon) -- C:\WINDOWS\system32\drivers\OAmon.sys (Tall Emu)
    DRV - (OAnet) -- C:\WINDOWS\system32\drivers\oanet.sys (Tall Emu Pty Ltd)
    DRV - (OADevice) -- C:\WINDOWS\system32\drivers\OADriver.sys (Tall Emu)
    DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
    DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
    DRV - (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) -- C:\WINDOWS\system32\drivers\s217unic.sys (MCCI)
    DRV - (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s217mgmt.sys (MCCI Corporation)
    DRV - (s217obex) -- C:\WINDOWS\system32\drivers\s217obex.sys (MCCI Corporation)
    DRV - (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) -- C:\WINDOWS\system32\drivers\s217nd5.sys (MCCI Corporation)
    DRV - (s217mdm) -- C:\WINDOWS\system32\drivers\s217mdm.sys (MCCI Corporation)
    DRV - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\WINDOWS\system32\drivers\s217bus.sys (MCCI Corporation)
    DRV - (s217mdfl) -- C:\WINDOWS\system32\drivers\s217mdfl.sys (MCCI Corporation)
    DRV - (PAC7302) -- C:\WINDOWS\system32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
    DRV - (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM) -- C:\WINDOWS\system32\drivers\s716unic.sys (MCCI Corporation)
    DRV - (s716obex) -- C:\WINDOWS\system32\drivers\s716obex.sys (MCCI Corporation)
    DRV - (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS) -- C:\WINDOWS\system32\drivers\s716nd5.sys (MCCI Corporation)
    DRV - (s716mdm) -- C:\WINDOWS\system32\drivers\s716mdm.sys (MCCI Corporation)
    DRV - (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s716mgmt.sys (MCCI Corporation)
    DRV - (s716mdfl) -- C:\WINDOWS\system32\drivers\s716mdfl.sys (MCCI Corporation)
    DRV - (s716bus) Sony Ericsson Device 716 driver (WDM) -- C:\WINDOWS\system32\drivers\s716bus.sys (MCCI Corporation)
    DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
    DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
    DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
    DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
    DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (AC2003) -- C:\WINDOWS\system32\drivers\AC2003.sys (ABIT Computer Corp.)
    DRV - (SjyPkt) -- C:\WINDOWS\system32\drivers\SjyPkt.sys (Windows (R) 2000 DDK provider)
    DRV - (STVqx3) -- C:\WINDOWS\system32\drivers\STVqx3.SYS (Intel )
    DRV - (SetupNT) -- C:\WINDOWS\system32\SetupNT.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/iat/us_ie.aspx
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 7F 52 D9 42 50 CB 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
    FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/09 02:58:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/09 02:58:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 2.0.7\extensions\\Components: C:\Program Files\SeaMonkey\components [2010/09/08 14:03:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 2.0.7\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2010/09/08 14:03:45 | 000,000,000 | ---D | M]

    [2010/04/12 19:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2010/04/12 19:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
    [2010/09/09 11:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q2jzezui.default\extensions
    [2010/08/05 23:04:26 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q2jzezui.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    [2010/08/05 23:04:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q2jzezui.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2010/04/13 17:14:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q2jzezui.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/09/08 13:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\SeaMonkey\Profiles\bkko9plw.default\extensions
    [2010/05/14 10:26:37 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\SeaMonkey\Profiles\bkko9plw.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
    [2010/08/24 20:28:42 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\SeaMonkey\Profiles\bkko9plw.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
    [2010/09/01 21:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\SeaMonkey\Profiles\bkko9plw.default\extensions\inspector@mozilla.org
    [2010/09/09 11:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/15 17:58:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/07 20:25:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/09/09 02:41:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
    O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
    O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
    O4 - HKCU..\Run: [Device Detection] C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe ()
    O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Micronet Wireless Network Utility.lnk = C:\Program Files\Micronet Wireless Network Utility\RtWLan.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} http://www.itb.ie/xplug.ocx (Gif89 Class)
    O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...1F/wmvadvd.cab (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1209905435062 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1219358941921 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tranquility.local
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Desktop\sony photos\pics sept 08\101MSDCF\DSC03924.JPG
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/02/22 20:01:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/09/10 01:00:26 | 000,000,000 | ---D | C] -- C:\Rooter$
    [2010/09/10 00:57:48 | 000,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Administrator\Desktop\Rooter.exe
    [2010/09/10 00:56:27 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/09/09 11:58:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/09/09 11:56:06 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
    [2010/09/09 02:04:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/09/09 01:58:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/09/09 01:58:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/09/09 01:58:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/09/09 01:58:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/09/09 01:55:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/09/06 21:19:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Gphonenewsemx10checkout5.aspx_files
    [2010/09/03 15:24:47 | 000,000,000 | ---D | C] -- C:\rsit
    [2010/08/30 19:55:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/08/26 14:49:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\kiddy camera
    [2010/08/24 23:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\jv100camera
    [2010/08/21 20:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FUJIFILM
    [2010/08/21 20:20:53 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
    [2010/08/21 20:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FUJIFILM
    [2010/08/21 20:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\FUJIFILM
    [2010/08/21 20:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/08/21 20:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2010/08/21 20:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [57 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [46 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/09/10 00:58:14 | 011,010,048 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
    [2010/09/10 00:57:50 | 000,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Administrator\Desktop\Rooter.exe
    [2010/09/10 00:56:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/09/09 22:31:53 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/09/09 22:29:55 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/09/09 22:25:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/09/09 22:24:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/09 22:24:09 | 000,115,140 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.idx
    [2010/09/09 22:24:00 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/09 22:24:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/09 22:23:52 | 059,256,832 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2010/09/09 21:39:12 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
    [2010/09/09 21:37:44 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
    [2010/09/09 18:58:02 | 000,275,471 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\letterscan.JPG
    [2010/09/09 18:37:50 | 001,374,208 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Elegant Fax.doc
    [2010/09/09 17:31:33 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
    [2010/09/09 12:27:46 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/09/09 12:27:32 | 005,363,188 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
    [2010/09/09 11:56:12 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
    [2010/09/09 06:43:58 | 006,416,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DSCF0462.jpg
    [2010/09/09 02:56:38 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
    [2010/09/09 02:42:51 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/09/09 02:41:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/09/09 02:04:14 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2010/09/09 01:55:38 | 003,840,723 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exe
    [2010/09/08 16:38:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/09/06 21:19:08 | 000,032,387 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Gphonenewsemx10checkout5.aspx.htm
    [2010/09/06 10:36:30 | 000,000,347 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\My Documents.lnk
    [2010/09/03 12:57:50 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to RSIT.exe.lnk
    [2010/09/03 12:57:20 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RSIT.exe
    [2010/09/03 10:30:57 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Malware help. doc.doc
    [2010/09/01 21:22:12 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SpywareBlaster.lnk
    [2010/09/01 21:03:45 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
    [2010/09/01 21:03:39 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/09/01 16:40:20 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/08/31 01:30:49 | 000,000,981 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/08/31 01:30:49 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
    [2010/08/30 20:10:27 | 000,003,593 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Attach.zip
    [2010/08/30 20:06:10 | 000,225,587 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100831-002539.backup
    [2010/08/30 16:32:10 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/27 09:22:49 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MyFinePix Studio 1.0.lnk
    [2010/08/26 19:54:14 | 000,225,587 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100830-200609.backup
    [2010/08/26 19:51:25 | 000,225,587 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100826-195412.backup
    [2010/08/26 19:23:55 | 000,225,587 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100826-195123.backup
    [2010/08/26 19:19:19 | 000,225,587 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100826-192234.backup
    [2010/08/26 13:29:08 | 000,017,525 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\250px-Skipray2.jpg
    [2010/08/21 20:32:17 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/08/21 20:16:19 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/08/17 22:30:54 | 000,111,616 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\InformaticsandEngineeringAugust10ExamsTimetableRevision1.xls
    [2010/08/11 12:14:17 | 000,248,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/11 11:47:10 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Castleknock Group.doc
    [2010/08/11 11:13:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/08/11 11:10:58 | 000,479,392 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/11 11:10:58 | 000,426,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/11 11:10:58 | 000,065,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [57 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [46 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/09/09 22:24:00 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
    [2010/09/09 21:37:33 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
    [2010/09/09 18:58:01 | 000,275,471 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\letterscan.JPG
    [2010/09/09 18:37:47 | 001,374,208 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Elegant Fax.doc
    [2010/09/09 17:31:29 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
    [2010/09/09 06:43:58 | 006,416,336 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DSCF0462.jpg
    [2010/09/09 02:04:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/09/09 02:04:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/09/09 01:58:57 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/09/09 01:58:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/09/09 01:58:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/09/09 01:58:57 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/09/09 01:58:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/09/09 01:55:37 | 003,840,723 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exe
    [2010/09/06 21:19:06 | 000,032,387 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Gphonenewsemx10checkout5.aspx.htm
    [2010/09/06 10:36:30 | 000,000,347 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\My Documents.lnk
    [2010/09/03 12:57:49 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to RSIT.exe.lnk
    [2010/09/03 12:57:17 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RSIT.exe
    [2010/09/03 10:30:56 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Malware help. doc.doc
    [2010/08/30 20:10:27 | 000,003,593 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Attach.zip
    [2010/08/26 13:29:02 | 000,017,525 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\250px-Skipray2.jpg
    [2010/08/21 20:32:17 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/08/21 20:20:26 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MyFinePix Studio 1.0.lnk
    [2010/08/21 20:16:19 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/08/17 22:30:48 | 000,111,616 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\InformaticsandEngineeringAugust10ExamsTimetableRevision1.xls
    [2010/08/11 11:47:10 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Castleknock Group.doc
    [2009/01/22 22:05:49 | 000,089,161 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.log
    [2008/12/26 18:32:44 | 000,000,302 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
    [2008/12/26 18:31:50 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.ini
    [2008/08/07 10:53:30 | 000,000,261 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/05/22 19:36:38 | 000,005,210 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2008/05/22 18:49:18 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2008/05/05 10:37:38 | 000,135,168 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/05/02 20:56:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/02/22 20:12:07 | 000,003,000 | R--- | C] () -- C:\WINDOWS\System32\SetupNT.sys
    [2003/02/19 01:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
    [1999/01/22 19:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1998/01/12 09:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

    ========== LOP Check ==========

    [2010/07/11 15:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
    [2008/05/25 16:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Image Zone Express
    [2009/04/28 22:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LG Electronics
    [2009/10/02 21:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OnlineArmor
    [2008/11/12 01:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony
    [2010/04/14 20:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    [2008/05/19 00:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
    [2010/05/18 10:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2010/08/21 20:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FUJIFILM
    [2009/11/15 13:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
    [2008/05/02 21:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
    [2008/11/12 01:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2010/09/06 12:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/05/13 10:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2009/01/07 10:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2009/01/14 21:16:57 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
    [2010/09/09 22:29:55 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.exe >
    [2010/08/01 18:46:39 | 098,224,311 | ---- | M] (Intel Corp.) -- C:\QX3Plus.exe


    < MD5 for: AGP440.SYS >
    [2006/02/28 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/08/26 14:30:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/08/26 14:30:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
    [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2006/02/28 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/08/26 14:30:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/08/26 14:30:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
    [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2006/02/28 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2006/02/28 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2006/02/28 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
    [2006/02/28 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2006/02/28 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
    [2006/02/28 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2006/02/28 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2006/02/28 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\scecli.dll
    [2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2008/04/14 01:11:54 | 000,344,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\hnetcfg.dll
    [57 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2008/02/22 19:39:51 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/02/22 19:39:51 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/02/22 19:39:51 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    < End of report >

  4. #24
    Security Expert ken545
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    Run OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      [2010/08/30 20:06:10 | 000,225,587 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100831-002539.backup
      [2010/08/26 19:54:14 | 000,225,587 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100830-200609.backup
      [2010/08/26 19:51:25 | 000,225,587 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100826-195412.backup
      [2010/08/26 19:23:55 | 000,225,587 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100826-195123.backup
      [2010/08/26 19:19:19 | 000,225,587 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100826-192234.backup
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [RESETHOSTS]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log and a new OTL log ( don't check the boxes beside LOP Check or Purity this time )



    How is your system behaving now ?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #25
    Junior Member
    Join Date
    Jun 2009
    Location
    Dublin Ireland
    Posts
    16

    Default otl fix log

    Still hanging regularly,



    All processes killed
    ========== OTL ==========
    No active process named explorer.exe was found!
    C:\WINDOWS\system32\drivers\etc\hosts.20100831-002539.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20100830-200609.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20100826-195412.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20100826-195123.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20100826-192234.backup moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 26852 bytes
    ->Temporary Internet Files folder emptied: 6344996 bytes
    ->Java cache emptied: 64714356 bytes
    ->FireFox cache emptied: 38469661 bytes
    ->Flash cache emptied: 5733971 bytes

    User: All Users

    User: Competition Winner
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 18388 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2176856 bytes
    %systemroot%\System32 .tmp files removed: 47871585 bytes
    %systemroot%\System32\dllcache .tmp files removed: 36989544 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1102701 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 194.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.11.0 log created on 09102010_102224

  6. #26
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Well, your logs look ok, the reason for your computer hanging may not be malware related.

    All of us forums work together helping people, why don't you post here in their Windows forum for help, let them know you have been helped here, we cleaned a few things but your computer is still hanging, they can help you sort out your programs that may have some sort of a conflict or maybe it's hardware related, not sure.

    Like Safer this site is free but you will need to register.
    http://forums.pcpitstop.com/index.ph...-to-user-help/


    I will keep this thread open for you for about a week, post back and let me know how it went.

    Ken

  7. #27
    Junior Member
    Join Date
    Jun 2009
    Location
    Dublin Ireland
    Posts
    16

    Default overheating?

    Hi Ken, looked into other causes and had a look at the cooling system, one fan was broken and the one on the cpu was encrusted with dust, got parts from an old machine, replaced broken fan and vacuumed, seems much better now, not hanging at all. There was an improvement before I did this for which I am very grateful, thank you for your time. Of course it might all stop working tomorrow so I'll monitor it closely,
    I'm moving to Northport LI next year, drinks are on me if you're about.
    George.

  8. #28
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    I'm moving to Northport LI next year, drinks are on me if you're about.
    Thanks George

    Tell you what I do. People don't realize that heat is one of the main killers of a computer. I take my desktop outside, remove the cover and use canned air to blow it all out. You can use a Q-Tip with some Isopropyl alcohol to gently wipe all the crud off the fans. Make sure you clean the heatsink ( the little gadget that sits between the CPU and the fan ) don't take it off, just use canned air and then a Q-Tip to make sure all the flanges are free of dirt.

    Now to remove most of the tools that we have used in fixing your machine:
    • Make sure you have an Internet Connection.
    • Download OTC to your desktop and run it
    • A list of tool components used in the cleanup of malware will be downloaded.
    • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
    • Click Yes to begin the cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.

    Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot, you can still install Spybot Search and Destroy but do not enable the TeaTimer.

    Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community
    • Spybot Search and Destroy 1.6
      Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
    • WinPatrol Keep this fine program activated to block a lot of threats
    • Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
    • Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
    • IE-Spyad
      IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • Firefox 3 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.



    Safe Surfn
    Ken
