Infected - but don't know what with!

OTViewIt Extras logfile created on: 27/10/2008 14:39:48 - Run
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\dad\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

479.48 Mb Total Physical Memory | 304.74 Mb Available Physical Memory | 63.56% Memory free
1.10 Gb Paging File | 0.71 Gb Available in Paging File | 64.94% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.05 Gb Total Space | 111.38 Gb Free Space | 76.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOTCHPOTCH
Current User Name: dad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"Use My Stylesheet"=
"User Stylesheet"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2007/10/14 11:58:50 | 00,521,568 | ---- | M] (IncrediMail Ltd.) -- C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/14 13:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/04/23 16:45:34 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0463B519-E4C8-4C16-84AA-4743D1ED91B5}"=Labtec WebCam
"{05BCCF27-DC23-4ED9-87A2-F8D5B244B4C4}"=RPS AntiVirus
"{153BC7CA-9F2F-45AC-B4A1-AFAFBD5D904B}"=Virgin Broadband PCguard
"{16B18999-56D7-4E8F-A40C-385E68A6D0CD}"=Barbie Girls
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}"=Samsung PC Studio
"{1F50AAEC-DD0A-11D6-B4A8-A8F54A524A6C}"=PixAlert Monitor Home
"{212F5777-1190-4DEF-8E4D-6B2F313B45E7}"=PerfectDisk
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}"=EPSON Scan Assistant
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}"=Windows Live Photo Gallery
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{324D4909-7A7B-45CD-B199-E975DC108249}"=RPS PopupBlocker
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3A836186-46F8-4388-9830-820E35C02992}"=RPS Diagnostic Utility
"{3AFF4279-A590-4010-8C8A-3B096A220CFC}"=RPS Zip
"{3C441434-737C-4D54-8EAB-B409BE54E734}"=RPS App Detector
"{3DB5FD00-BB93-4AF3-B925-77DAA0E4E2F4}"=eBay Toolbar
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}"=Google Earth
"{42EDF895-158C-484E-A7F2-42B90759F281}"=Camera RAW Plug-In for EPSON Creativity Suite
"{480D674F-7285-41AE-93C0-1BB62B151AD3}"=PCEye2000
"{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb"=Disney Interactive Global Compatibility Update June 2003
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{53C32728-D434-4143-9C9D-D73D68D00893}"=RPS ParentalControl
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}"=Radialpoint Security Services
"{5E7EBB6D-F44B-4D8B-9C52-F0F9173FD166}"=RPS Security Cleanup
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}"=HP Precisionscan Pro 3.1
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}"=The Sims 2
"{6EA0ABC4-172B-48D4-AF26-93322D7FDE72}"=RPS Ad Blocker
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}"=EPSON Web-To-Page
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}"=EPSON Easy Photo Print
"{8C4504A1-9280-11D5-9F7E-00902712427E}"=Sid Meier's SimGolf
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{966A491F-8970-44E0-AC4E-9C845D9013EC}"=Microsoft DirectX 9.0 SDK Update (August 2005)
"{A542D695-16D3-4F89-A6F1-091F009B8ABA}"=RPS Burn
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}"=Windows Defender Signatures
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{AFE0D559-DAC2-4DF0-B432-4CBA15769AA9}"=RPS RpsCore
"{B123EBD8-89B7-4834-B06D-F758815E1033}"=Nero 7 Premium
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B5C0FD16-3A5D-40D5-8B59-4B43279BB5D0}"=RPS Backup
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}"=Motorola Phone Tools
"{C4A4722E-79F9-417C-BD72-8D359A090C97}"=Samsung PC Studio
"{C70EF769-8296-4ED0-966F-D624BC6D4927}"=Authentium AntiVirus SDK - 2
"{C831972C-3834-4D9D-A095-8350B324AC3C}"=RPS AntiFraud
"{C869F4FF-E5FF-4FBB-9A31-33C23605E170}"=PPSDKRedistributables
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar
"{D8AEA1D1-78FE-4CE1-9405-D7E55E797C4D}"=RPS AsRealtime
"{DD1C392B-226D-42C9-B8E6-2A9BEF7583B4}"=RPS Performance Tool
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}"=Uniblue RegistryBooster 2009
"{E8FB4BF9-4C95-4F39-B26D-33C31A2CEE09}"=PIF DESIGNER2.0
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}"=ScanToWeb
"{ECBDDBD7-43CC-417C-B87A-943AFED8EB57}"=RPS Firewall
"{EE1D5780-AF29-4DC4-A107-3FD5F79AC63A}"=RPS AntiSpyware
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"{FD2EC356-DB5E-40AE-907A-9A1D38F9396D}"=RPS Privacy Manager
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}"=PictureProject
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe SVG Viewer"=Adobe SVG Viewer
"BroadJump Client Foundation"=BroadJump Client Foundation
"CBOClean"=BOClean
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"Disney's Extremely Goofy Skateboarding"=Disney's Extremely Goofy Skateboarding
"Enable S3 for USB Device"=Enable S3 for USB Device
"EPSON Printer and Utilities"=EPSON Printer Software
"EPSON Stylus S20 Series"=EPSON Stylus S20 Series Printer Uninstall
"EPSON Stylus S20_T10_T20 User’s Guide"=EPSON Stylus S20_T10_T20 Manual
"HijackThis"=HijackThis 2.0.2
"Hospital"=Theme Hospital
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{16B18999-56D7-4E8F-A40C-385E68A6D0CD}"=Barbie Girls
"InterActual Player"=InterActual Player
"Letters"=Sesame Street Letters
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Network Play System (Patching)"=Network Play System (Patching)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PPTView97"=Microsoft PowerPoint Viewer 97
"RadialpointClientGateway_is1"=Virgin Broadband advisor 1.5.14
"S3"=UniChrome IGP Driver and Utilities
"SAMSUNG CDMA Modem"=SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem"=SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0"=SAMSUNG Mobile USB Modem 1.0 Software
"SLAMRNTV"=CastleNet 56K PCI Modem
"SpywareBlaster_is1"=SpywareBlaster 4.1
"Uniblue RegistryBooster 2009"=Uniblue RegistryBooster 2009
"VN_VUIns_Rhine_VIA"=VIA Rhine-Family Fast Ethernet Adapter
"Vodafone 804SS USB driver"=Vodafone 804SS USB driver Software
"VTDisplay"=S3 S3Display
"VTGamma2"=S3 S3Gamma2
"VTInfo2"=S3 S3Info2
"VTOverlay"=S3 S3Overlay
"Where in the World is Carmen Sandiego"=Where in the World is Carmen Sandiego
"Where in Time is Carmen Sandiego? v3.0 3.0"=Where in Time is Carmen Sandiego? v3.0
"WIC"=Windows Imaging Component
"Windows Live OneCare safety scanner"=Windows Live OneCare safety scanner
"Windows Live Toolbar"=Windows Live Toolbar
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/10/2008 11:36:19 | Computer Name = HOTCHPOTCH | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 8.5.1302.1018, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 20/10/2008 11:36:31 | Computer Name = HOTCHPOTCH | Source = Application Hang | ID = 1001
Description = Fault bucket 553528827.

Error - 20/10/2008 11:36:31 | Computer Name = HOTCHPOTCH | Source = Application Hang | ID = 1001
Description = Fault bucket 553528827.

Error - 21/10/2008 10:17:04 | Computer Name = HOTCHPOTCH | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module pcpitstop3d.dll, version 1.0.0.7, fault address 0x0000a69b.

Error - 21/10/2008 10:17:21 | Computer Name = HOTCHPOTCH | Source = Application Error | ID = 1001
Description = Fault bucket 968606109.

Error - 21/10/2008 10:21:17 | Computer Name = HOTCHPOTCH | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module pcpitstop3d.dll, version 1.0.0.7, fault address 0x0000a69b.

Error - 21/10/2008 10:24:30 | Computer Name = HOTCHPOTCH | Source = Application Error | ID = 1001
Description = Fault bucket 968606109.

Error - 26/10/2008 04:55:20 | Computer Name = HOTCHPOTCH | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 5876, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 26/10/2008 04:55:20 | Computer Name = HOTCHPOTCH | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 26/10/2008 04:55:24 | Computer Name = HOTCHPOTCH | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 5876, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

[ System Events ]
Error - 27/10/2008 08:18:44 | Computer Name = HOTCHPOTCH | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_3a00bc02\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 27/10/2008 09:03:24 | Computer Name = HOTCHPOTCH | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 27/10/2008 09:03:24 | Computer Name = HOTCHPOTCH | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 27/10/2008 09:03:24 | Computer Name = HOTCHPOTCH | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_3a00bc02\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 27/10/2008 09:12:34 | Computer Name = HOTCHPOTCH | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 27/10/2008 09:12:34 | Computer Name = HOTCHPOTCH | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 27/10/2008 09:12:34 | Computer Name = HOTCHPOTCH | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_3a00bc02\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 27/10/2008 09:13:15 | Computer Name = HOTCHPOTCH | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 27/10/2008 09:13:15 | Computer Name = HOTCHPOTCH | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 27/10/2008 09:13:15 | Computer Name = HOTCHPOTCH | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_3a00bc02\MFC80.DLL.
Reference
error message: The operation completed successfully. .


< End of report >
 
Hi Bill

Also can I remove Authentium\AntiVirus?
No, Authentium\AntiVirus is part of PC Guard.

I'm not seeing anything malicious in your logs.
Let's run an F-Secure online scan to be sure.

  1. Please go to F-Secure website to perform an online scan. Click on Start scanning at the bottom of the page.
  2. You may be prompted to install an ActiveX before you are able to accept the License Agreement. If prompted, please install it. After installing, the Accept button will be available.
  3. Click on Accept to accept the License Agreement.
  4. Click on Custom Scan.
    • Under Virus Scan Options, select the Scan whole system option.
    • Under Other Scan Options, select these options:
      • Scan all files
      • Scan whole system for rootkits
      • Scan whole system for spyware
      • Scan inside archives
      • Use advanced heuristics
  5. Click Start.
  6. It will start installing the scanner and virus definitions. Once the installation is done, it will start scanning automatically. This takes a while. Please be patient.
  7. Click on I want to decide item by item.
  8. Under Actions, select None for all infections found.
  9. Click Next.
  10. Click on Show Report.
  11. Please copy and paste this report in your next reply.
  12. Click Finish.
 
Hi Tashi
thanks for asking.
Sorry too peku006 for the delay, I had an emergency :sad: trip to Hong Kong on the 27th and returned yesterday.
Before I left I started the scan and my wife took notes:

F-Secure Online Scanner
System for malware System for rootkits

Took 6 hours to get to this point:

Scan stopped, then screen said -

Error iexplore.exe AppVer:7.0.6000
16735 Mod Name: fscax.dll ModVer:3.3.1.0
Offset: 0001d5a0

C:\Docume~1\dad\locals~1\temp\9f3b_appcompat.txt.


The file it got up to was 1191101
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Machine Keys\a540e820-0f4e-4883-93f0-887521e6144
 
Hi peku006
I'm not sure, but still feel that if you go back to my original post, that describes the problems I'm having. Also, as you will see, the Ad Aware Scan would not complete, and the F-Secure Online Scanner would not complete. I have tried to run this again last night, and it wouldn't complete again. Comes up as before with error reports. Computer still running very slow. Don't know whether this is due to malware or other problem. Thanks for your help so far.
 
Hi Bill
Those scans certainly came up clean. I don't believe your issue is malware related.

Try running System File Checker.

If you have the Microsoft Windows XP installation disk:
Click Start > Run, type sfc /scannow, then press OK.
Leave a space between sfc and /scannow.
Reboot when you're done.

After that...

Please try F-Secure Online Scanner again.
 
Hi peku006,
I don't have the XP installation disk as it was already loaded on my computer when I bought it, but I ran scannow anyway and then rebooted.
I then retried F-Secure Online Scanner and it has run for 12 hours!!!!!, and checked 1212119 files and skipped 1000 files. Then..... it stopped. And came up with similar to last time. I have sent the Microsoft error report, here is the info.
iexplore.exe. AppVer:7.0.6000.16735 ModName: fscax.dll ModVer: 3.3.1.0 Offset: 0001d5a0. C:\DOCUME~1\LOCALS~1\Temp\de96_appcompat.txt
It is really frustrating that it got this far through and took so long. Up to this point, it had not picked anything up.
Thanks again for your time.
 
Hi firemanbill

Those scans certainly came up clean. I do not believe your computer issues to be malware related at all; it sounds like you have an "Explorer problem".

I am not an expert at this type of problem. I would suggest that you go to one of the forums below that specialize in more general computer problems. They have people that know more about this sort of problem because it does not seem to be a malware problem.

Good Hardware and Software Help Forums:
Computer Trouble here: http://forum.computertrouble.co.uk/index.php
or
TechSupportGuy here: http://forums.techguy.org/21-windows-nt-2000-xp/
or
VirtualDr here: http://discussions.virtualdr.com/forumdisplay.php?f=48
or
PCPitStop here: http://forums.pcpitstop.com/index.php?showforum=3

All may require you to register free before posting for help.
 
Hi,
Thanks so much for all your help, and also for the links to other computer experts. Your guidance, as always, is much appreciated. Keep up the good work! :)
 