Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google redirect? Following on from WIndowssafemode


  • This topic is locked This topic is locked

#31
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Trying to remove progams using the add/remove function now drags up the error message:

Download and install the latest version of the installer from here let me know if that cures it

One more question and, it's probably the silliest so far...
Is there anything I can do to support the site?

Any knowledge or expertise that you could bring would be welcome :D

Reference OE is that file in that folder ?

If not then run OTL with the following script so that I can see if you have a spare


/md5start
msimn.*
/md5stop
  • 0

Advertisements


#32
Burndenpark

Burndenpark

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Reference OE is that file in that folder ?

If not then run OTL with the following script so that I can see if you have a spare


/md5start
msimn.*
/md5stop

It wasn't in theat folder. I guess you mean run OTL as a search rather than a fix? The file is attached

The remove programs is fixed - thanks for that.



One more question and, it's probably the silliest so far...
Is there anything I can do to support the site?
Any knowledge or expertise that you could bring would be welcome :D That's what makes it silly. I'm reasonably good with IT by normal standards (excel etc just short of macros), I can crunch data along side the best, but compared to you guys I'm not really on the Geekometer- I can make a decent coffee and argue well. :D

OTL logfile created on: 27/03/2011 10:33:07 - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.56 Gb Total Space | 139.64 Gb Free Space | 77.77% Space Free | Partition Type: NTFS
Drive D: | 6.73 Gb Total Space | 0.66 Gb Free Space | 9.78% Space Free | Partition Type: FAT32
Drive E: | 557.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OLLY | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/03/15 19:51:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/02/16 13:49:15 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/05/26 17:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/23 23:51:32 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/09/12 16:14:42 | 001,527,808 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2007/03/09 11:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006/04/13 02:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/01/07 02:36:10 | 000,081,920 | ---- | M] () -- C:\Program Files\Sony\SonicStage\SSAAD.exe
PRC - [2005/08/02 16:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 16:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (SafeList) ==========

MOD - [2011/03/15 19:51:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/25 21:21:24 | 000,120,232 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2010/03/12 19:14:40 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/08/24 18:49:12 | 001,097,096 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/03/31 11:23:06 | 000,070,944 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2009/01/07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/05/26 17:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
SRV - [2008/01/23 23:51:32 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/01/06 22:25:12 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005/11/24 17:03:22 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/11/24 16:57:44 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/24 16:47:30 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/08/02 16:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/03/27 10:08:24 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{734ACBE0-DB1A-4A7C-A17B-E29EB8528759}\MpKslb4391d94.sys -- (MpKslb4391d94)
DRV - [2009/11/24 20:25:44 | 000,206,256 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/03/31 11:23:26 | 000,039,200 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2009/03/31 11:23:24 | 000,033,056 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/03/31 11:23:20 | 000,051,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2008/12/11 08:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/12/10 11:36:04 | 000,064,392 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2008/05/26 17:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2008/04/13 19:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 19:41:02 | 000,052,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2007/12/28 21:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007/01/11 11:20:06 | 000,194,304 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2006/10/23 11:15:07 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/07/24 17:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/04 22:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/24 17:53:07 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2006/02/27 06:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/12/12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://apod.nasa.gov...d/astropix.html [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://community.tes.../forums/31.aspx
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\FF1\ [2009/05/30 14:35:20 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/03/17 00:16:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/10 09:20:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2005/06/06 21:47:44 | 000,884,736 | R--- | M] (FIRAXIS Games, Inc.) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004/08/04 17:53:20 | 000,000,049 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/27 10:24:54 | 000,139,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/27 10:24:54 | 000,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/27 10:24:54 | 000,069,632 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/03/27 10:24:53 | 000,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/27 10:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/03/27 10:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google
[2011/03/27 10:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/03/27 10:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/03/22 21:27:02 | 000,000,000 | ---D | C] -- C:\_OTS
[2011/03/19 22:30:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/03/19 18:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2011/03/17 20:14:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/17 00:03:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/16 23:52:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/15 23:10:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/15 19:51:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2011/03/13 12:14:53 | 000,039,200 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011/03/13 12:14:53 | 000,033,056 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011/03/13 12:14:53 | 000,012,576 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfKbMon.sys
[2011/03/13 12:14:52 | 000,051,488 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011/03/12 21:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/03/11 22:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XoftSpySE
[2011/03/08 20:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/03/07 22:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2011/03/07 22:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/27 10:19:04 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/27 10:19:01 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/27 10:17:13 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/03/27 10:12:17 | 000,445,678 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/27 10:12:17 | 000,072,692 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/27 10:10:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/27 10:07:40 | 2079,772,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/26 10:36:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/21 19:39:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/18 20:50:44 | 000,000,444 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_18.03.2011_20-05drv.spi
[2011/03/17 23:04:31 | 000,000,652 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_17.03.2011_22-06drv.spi
[2011/03/17 00:16:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/17 00:03:44 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/03/15 19:51:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2011/03/12 21:33:18 | 000,513,008 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\avinstall[1].exe
[2011/03/08 20:25:35 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/02/26 15:58:34 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/02/25 20:23:49 | 000,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/27 10:14:25 | 000,000,904 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/27 10:14:25 | 000,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/23 20:49:56 | 2079,772,672 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/18 20:49:28 | 000,000,444 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_18.03.2011_20-05drv.spi
[2011/03/17 21:24:55 | 000,000,652 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_17.03.2011_22-06drv.spi
[2011/03/16 23:52:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/16 23:52:27 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/12 21:33:19 | 000,513,008 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\avinstall[1].exe
[2011/03/08 20:25:35 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/03/08 20:24:52 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/03/08 20:02:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/08 00:31:02 | 000,002,206 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/12 19:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2009/07/25 17:13:48 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\housecall.guid.cache
[2009/04/29 21:35:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/29 21:35:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/29 21:35:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/04/27 20:02:00 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2008/03/06 01:26:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/14 10:13:50 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/21 10:46:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/03/14 23:59:57 | 000,001,276 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2007/02/17 16:48:37 | 000,116,736 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/17 13:44:57 | 000,000,504 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/17 12:07:34 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/02/17 11:50:34 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/10/23 11:26:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/23 11:05:08 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/10/23 11:00:38 | 000,014,309 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/10/23 11:00:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/10/23 10:52:43 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/10/23 10:47:41 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/10/23 10:46:41 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/10/23 10:43:29 | 000,125,796 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/10/23 10:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/10/23 10:18:01 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/10/23 10:18:01 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/10/23 10:17:41 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 12:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/10/10 09:27:46 | 000,445,678 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/10/10 09:27:46 | 000,072,692 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/10/10 09:25:26 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/10/10 09:20:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/10/10 09:15:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 16:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/10 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/09 22:00:00 | 000,282,112 | ---- | C] () -- C:\WINDOWS\System32\sbe(2).dll
[2004/08/09 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/09 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/09 22:00:00 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
[2004/08/09 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/09 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/09 22:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/08 14:37:36 | 000,000,567 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 09:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 09:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== Custom Scans ==========



< MD5 for: MSIMN.EX_ >
[2004/08/09 22:00:00 | 000,018,810 | ---- | M] () MD5=A9AA9A2107AA78020ECDE107FE60241D -- C:\WINDOWS\I386\MSIMN.EX_

< MD5 for: MSIMN.EXE >
[2004/08/09 22:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=091C14F4C71328D4316248A2421190DE -- C:\WINDOWS\$NtServicePackUninstall$\msimn.exe
[2008/04/14 01:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=1EEAE496A51F017D04DD41322935D2B9 -- C:\WINDOWS\ServicePackFiles\i386\msimn.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD

< End of report >

Attached Files

  • Attached File  OTL.Txt   56.96KB   70 downloads

  • 0

#33
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets put that file back where it belongs.. Once done can you check it out and let me know of any remaining problems :D

No sugar in my coffee please - I am sweet enough allready :D

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    c:\programme files\outlook express\msimn.exe|C:\WINDOWS\ServicePackFiles\i386\msimn.exe /replace

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

  • 0

#34
Burndenpark

Burndenpark

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
It reboots itself once it's done (or not) and on resumption gives this log:

Unable to replace file: c:\programme files\outlook express\msimn.exe with C:\WINDOWS\ServicePackFiles\i386\msimn.exe without a reboot.

OTL by OldTimer - Version 3.2.22.3 log created on 03272011_180318

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Still not working :D


I even tried it a scond time justy to be sure that I'd stopped Spyware Dr getting in the way
  • 0

#35
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ooops Just noticed my mistake - it will not copy from OTL 'cos I used the english spelling for program files

Please run OTL again with this modified fix :D

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

:Files
c:\program files\outlook express\msimn.exe|C:\WINDOWS\ServicePackFiles\i386\msimn.exe /replace


  • 0

#36
Burndenpark

Burndenpark

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
YAYYYYYYYY!!!!!!!!!!

I've got emails :D (mostly from geeks to go telling me that there's been a reply to my post)

:D
Thanks at least a dozen times.

Coffee, white, no sugar - I've even frothed the milk for you

;)


(I think you can lock this thread now)

Edited by Burndenpark, 27 March 2011 - 12:58 PM.

  • 0

#37
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Delightful and just right

Keep safe now and enjoy - but first to remove my bits and bobs


I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :D

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. AswMbr can just be deleted

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 24.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u24-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u24-windows-i586-p.exe and select "Run as an Administrator.")


SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check

Posted Image


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :D
  • 0

#38
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP