katybut

Members
  • Posts

    8
Tech Info

  • Experience
    pc_illiterate
  • System: windows_xp_home


  1. Hi Ken, Thanks, I suspected that might be the case. K
  2. Hi Starbuck, Thanks for all your help. I've done all the clear up bits you've suggested. I just wanted to check that when you suggest downloading the antivirus software and 3rd party firewall, you mean that's ok for me to use in conjunction with McAfee that I already have? Just wanted to double check before I go ahead. Thanks. K
  3. Hi Starbuck, No I have no other questions. Thank you SO MUCH for all your help and explaining everything to me. I can't tell you how grateful I am!!!! I would still be beside myself if I had not found you. I had no idea this wonderful site with people like you was out there. I don't want to sound too dramatic but seriously, you have restored my faith in humans, as after falling or almost falling for a scam, you feel so negative and bitter towards the people that did it, and you feel like the minority and like there are few good people out there. But that's not true, as I've found. :D THANK YOU SO MUCH! Have a nice weekend away - you deserve it! Katybut
  4. Hi Starbuck, Do you mean, just use the computer as normal and see if anything strange happens? Sorry if that's a dumb question! I must say I haven't noticed anything unusual since we started anyway, although I haven't even attempted any online banking as I have been too scared of this until you could give me the all clear. Thank you for informing me of the P2P file sharing. I noticed a lot of the trojans were music ones, and read that you'd told someone else the same thing about that. So do you think the viruses we've found from all the scans you said to do were from a while back then, and nothing to do with the remote access from that scam? Can you tell that there's not been any key logger stuff put on, or is that too hard to tell? I notice that a lot of your replies to people are similar and saying to run the same scans etc. I know it might seem monotonous to you and frustrating that you say the same thing to lots of people, but for the average computer user that doesn't know about these things, your information and help is a blessing!! Really it is! Ok so I'm happy to do whatever is next...?
  5. Hi Starbuck, Thank you again for your time. I notice there have been a few things found... this is worrying! Please tell me what to do next. Thank you so much for your help! The reports are as follows:
  6. Hi Starbuck, Thank you for all your help so far. I REALLY appreciate it!! It happened today, well yesterday now, Tue 17th May, at about 5.30pm. I've done everything you said and here are the results:
Error - 17/05/2011 16:58:04 | Computer Name = BUTLER | Source = Service Control Manager | ID = 7034 Description = The McAfee Validation Trust Protection Service service terminated unexpectedly. It has done this 1 time(s). Error - 17/05/2011 17:10:37 | Computer Name = BUTLER | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.74 for the Network Card with network address 0012BFC4AC83 has been denied by the DHCP server 10.87.250.25 (The DHCP Server sent a DHCPNACK message). Error - 17/05/2011 17:12:18 | Computer Name = BUTLER | Source = Service Control Manager | ID = 7000 Description = The Automatic LiveUpdate Scheduler service failed to start due to the following error: %%2 Error - 17/05/2011 18:47:24 | Computer Name = BUTLER | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.74 for the Network Card with network address 0012BFC4AC83 has been denied by the DHCP server 10.87.250.25 (The DHCP Server sent a DHCPNACK message). Error - 17/05/2011 18:49:02 | Computer Name = BUTLER | Source = Service Control Manager | ID = 7000 Description = The Automatic LiveUpdate Scheduler service failed to start due to the following error: %%2 Error - 17/05/2011 18:49:02 | Computer Name = BUTLER | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: PCIIde ViaIde < End of report > OTL logfile created on: 17/05/2011 23:52:45 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Kerry\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1,022.00 Mb Total Physical Memory | 402.00 Mb Available Physical Memory | 39.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 277.07 Gb Total Space | 153.44 Gb Free Space | 55.38% Space Free | Partition Type: NTFS
Drive D: | 21.01 Gb Total Space | 14.34 Gb Free Space | 68.27% Space Free | Partition Type: FAT32

Computer Name: BUTLER | User Name: Kerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Kerry\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe ()
PRC - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Program Files\Home Cinema\TV Enhance\TVEService.exe (CyberLink Corp.)
PRC - C:\WINDOWS\emMON.exe (eMPIA Technology, Inc.)
PRC - C:\Program Files\TEVION Multimedia\PVR Plus\TVR\Scheduled.exe ()
PRC - C:\Program Files\Yahoo!\browser\ycommon.exe (Yahoo!, Inc.)
PRC - C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Kerry\Desktop\OTL.scr (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate) -- File not found
SRV - (Automatic LiveUpdate Scheduler) -- File not found
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (bgsvcgen) -- C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe ()
SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (x10nets) -- C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)

========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (xfilt) -- C:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (X10Hid) -- C:\WINDOWS\system32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (XUIF) -- C:\WINDOWS\system32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (FiltUSBEMPIA) -- C:\WINDOWS\system32\drivers\emFilter.sys (Windows ® Server 2003 DDK provider)
DRV - (DCamUSBEMPIA) -- C:\WINDOWS\system32\drivers\emDevice.sys (eMPIA Technology, Inc.)
DRV - (ScanUSBEMPIA) -- C:\WINDOWS\system32\drivers\emScan.sys (eMPIA Technology, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 23 01 14 D2 C6 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/16 17:32:37 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2006/03/15 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110517115202.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {C3F24DCE-F48D-4525-BA3A-1E2361725C21} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C3F24DCE-F48D-4525-BA3A-1E2361725C21} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [bullGuard] File not found
O4 - HKLM..\Run: [emMON] C:\WINDOWS\emMON.exe (eMPIA Technology, Inc.)
O4 - HKLM..\Run: [instantOn] C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PVR Agent] C:\Program Files\TEVION Multimedia\PVR Plus\TVR\Scheduled.exe ()
O4 - HKLM..\Run: [TVEService] C:\Program Files\Home Cinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [userFaultCheck] File not found
O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110428084740 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161859651439 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161863106296 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kerry\My Documents\My Pictures\untitled.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kerry\My Documents\My Pictures\untitled.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/29 18:55:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/17 23:50:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kerry\Desktop\OTL.scr
[2011/05/17 23:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/05/17 22:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kerry\Application Data\Malwarebytes
[2011/05/17 22:20:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/17 22:20:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/17 22:20:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/17 22:20:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/17 22:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/17 22:19:12 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kerry\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/17 21:56:27 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kerry\Desktop\TFC.exe
[2011/05/17 17:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2011/05/17 17:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kerry\Application Data\TeamViewer
[2011/05/15 13:02:25 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[5 C:\Documents and Settings\LocalService\Application Data\*.tmp files -> C:\Documents and Settings\LocalService\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/17 23:54:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0DC6111A-2252-45B7-8185-9EACA4E94B84}.job
[2011/05/17 23:50:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kerry\Desktop\OTL.scr
[2011/05/17 23:49:10 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/17 23:47:42 | 000,088,565 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/17 23:47:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/17 23:47:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/17 23:47:30 | 000,001,599 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BT NetProtect Plus.lnk
[2011/05/17 23:47:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/17 23:47:21 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/17 22:47:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/17 22:20:52 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/17 22:19:12 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kerry\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/17 21:56:31 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kerry\Desktop\TFC.exe
[2011/05/15 13:02:25 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/02 13:34:54 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2011/05/17 22:20:52 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/17 22:11:55 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BT NetProtect Plus.lnk
[2010/05/02 13:47:37 | 000,000,125 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/07/30 19:22:32 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Kerry\Local Settings\Application Data\keyfile3.drm
[2009/07/13 10:35:56 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\RemoveDevice.dll
[2009/04/15 13:40:42 | 000,007,867 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2009/03/03 14:07:23 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Kerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/05 11:23:31 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/01/23 13:56:40 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Kerry\Local Settings\Application Data\fusioncache.dat
[2009/01/21 12:52:21 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\BHARegister.dll
[2008/11/23 15:49:04 | 000,003,668 | ---- | C] () -- C:\WINDOWS\TVEpaDrv.ini
[2008/11/07 11:53:01 | 000,001,948 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/10/05 17:27:12 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/10/05 17:27:12 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/10/05 17:27:12 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/10/05 17:27:12 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/10/05 17:27:12 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/10/05 17:27:12 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/10/05 17:27:12 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/10/05 17:27:12 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/10/05 17:27:12 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/10/05 17:27:12 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2008/10/05 17:27:12 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/10/05 17:27:12 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/10/05 17:27:12 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/10/05 17:27:12 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/10/05 17:27:12 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/10/05 17:27:12 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2008/10/05 17:27:12 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2008/10/05 17:27:12 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/10/05 17:27:12 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/10/05 17:22:47 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX7400DEFGIPS.ini
[2008/10/02 19:10:59 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/10/02 18:53:02 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/10/27 11:56:50 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/24 14:52:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/24 14:09:52 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/24 13:54:37 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/24 13:54:37 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\0CF5FC4383.sys
[2006/10/24 13:00:08 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2006/10/24 12:53:03 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2006/10/24 12:53:03 | 000,295,018 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2006/10/24 12:53:03 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2006/10/24 12:46:39 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006/10/24 12:37:21 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/10/24 12:37:21 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/10/24 11:47:11 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/24 11:47:11 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/24 11:47:11 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/24 11:47:11 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/24 11:47:11 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/24 11:47:11 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/24 11:47:10 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/24 11:47:10 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/24 11:47:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2006/09/29 18:57:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/09/29 18:52:13 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/09/29 11:45:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/09/29 11:45:03 | 000,302,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/09/29 11:35:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/29 11:20:47 | 000,000,769 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/09/29 10:33:52 | 000,001,692 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/03/15 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/15 13:00:00 | 000,460,700 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/15 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/15 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/15 13:00:00 | 000,077,970 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/15 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/15 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/15 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/15 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/15 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/05 22:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/16 05:00:00 | 000,076,946 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2001/09/04 14:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/09/04 14:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2010/02/23 20:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2010/08/05 18:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2008/10/05 17:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/10/04 21:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/01/21 15:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2011/05/17 17:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2008/10/04 21:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/10/05 17:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2006/10/27 11:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/10/24 13:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\X10 Settings
[2008/10/09 14:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/01/04 20:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerry\Application Data\EPSON
[2010/12/20 18:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerry\Application Data\LimeWire
[2009/07/22 15:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerry\Application Data\MSNInstaller
[2009/01/17 11:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerry\Application Data\Nokia
[2008/10/05 16:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerry\Application Data\PC Suite
[2011/05/17 17:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerry\Application Data\TeamViewer
[2009/01/11 17:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerry\Application Data\Windows Desktop Search
[2010/04/13 10:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerry\Application Data\Windows Search
[2011/05/17 23:54:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0DC6111A-2252-45B7-8185-9EACA4E94B84}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/09/29 18:55:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/02/05 13:16:40 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2006/09/29 18:55:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/05/17 23:47:21 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys
[2006/09/29 18:55:10 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/10/27 11:58:09 | 000,000,921 | -H-- | M] () -- C:\IPH.PH
[2008/12/18 22:59:09 | 000,000,451 | ---- | M] () -- C:\LOG4.log
[2008/12/20 15:26:40 | 000,000,451 | ---- | M] () -- C:\LOG5.log
[2008/12/20 15:44:22 | 000,000,451 | ---- | M] () -- C:\LOGC.log
[2006/09/29 18:55:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/03/15 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/29 15:19:37 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/05/17 23:47:20 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2008/10/28 09:12:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/10/30 20:35:47 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/10/30 20:42:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/10/30 22:55:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/11/01 13:49:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/11/07 19:51:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/11/07 19:57:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/11/07 20:09:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/11/12 23:37:10 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/11/19 21:03:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/11/24 11:04:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/11/28 22:08:57 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/11/28 22:12:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/11/28 22:16:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/11/28 22:21:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/11/28 22:22:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/11/28 22:25:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/01/04 21:29:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/01/04 21:40:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/10/28 08:52:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2008/10/28 09:12:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/10/30 20:35:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/10/30 20:42:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/10/30 22:55:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/11/01 13:49:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/11/07 19:51:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/11/07 19:57:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/11/07 20:09:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/11/12 23:37:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/11/19 21:03:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/11/24 11:04:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/11/28 22:08:57 | 000,000,244 | -H-- | M] () --
C:\sqmnoopt11.sqm [2008/11/28 22:12:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm [2008/11/28 22:16:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm [2008/11/28 22:21:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm [2008/11/28 22:22:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm [2008/11/28 22:25:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm [2009/01/04 21:29:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm [2009/01/04 21:40:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm [2008/10/28 08:52:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll [2004/03/22 15:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008/04/14 01:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll [2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll [2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > [2006/09/29 11:44:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2006/09/29 11:44:04 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2006/09/29 11:44:04 | 000,921,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %PROGRAMFILES%\* > < %SYSTEMDRIVE%\*.* > [2006/09/29 18:55:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2009/02/05 13:16:40 | 000,000,209 | RHS- | M] () -- C:\boot.ini [2006/09/29 18:55:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2011/05/17 23:47:21 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys [2006/09/29 18:55:10 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2006/10/27 11:58:09 | 000,000,921 | -H-- | M] () -- C:\IPH.PH [2008/12/18 22:59:09 | 000,000,451 | ---- | M] () -- C:\LOG4.log [2008/12/20 15:26:40 | 000,000,451 | ---- | M] () -- C:\LOG5.log [2008/12/20 15:44:22 | 000,000,451 | ---- | M] () -- C:\LOGC.log [2006/09/29 18:55:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2006/03/15 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/11/29 15:19:37 | 000,250,048 | RHS- | M] () -- C:\ntldr [2011/05/17 23:47:20 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys [2008/10/28 09:12:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm [2008/10/30 20:35:47 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm [2008/10/30 20:42:46 | 000,000,232 | -H-- | M] () -- 
C:\sqmdata02.sqm [2008/10/30 22:55:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm [2008/11/01 13:49:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm [2008/11/07 19:51:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm [2008/11/07 19:57:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm [2008/11/07 20:09:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm [2008/11/12 23:37:10 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm [2008/11/19 21:03:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm [2008/11/24 11:04:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm [2008/11/28 22:08:57 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm [2008/11/28 22:12:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm [2008/11/28 22:16:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm [2008/11/28 22:21:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm [2008/11/28 22:22:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm [2008/11/28 22:25:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm [2009/01/04 21:29:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm [2009/01/04 21:40:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm [2008/10/28 08:52:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm [2008/10/28 09:12:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm [2008/10/30 20:35:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm [2008/10/30 20:42:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm [2008/10/30 22:55:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm [2008/11/01 13:49:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm [2008/11/07 19:51:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm [2008/11/07 19:57:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm [2008/11/07 20:09:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm [2008/11/12 23:37:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm [2008/11/19 21:03:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm [2008/11/24 11:04:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm [2008/11/28 
22:08:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm [2008/11/28 22:12:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm [2008/11/28 22:16:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm [2008/11/28 22:21:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm [2008/11/28 22:22:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm [2008/11/28 22:25:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm [2009/01/04 21:29:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm [2009/01/04 21:40:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm [2008/10/28 08:52:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll [2004/03/22 15:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008/04/14 01:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll [2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll [2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > [2006/09/29 11:44:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2006/09/29 11:44:04 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2006/09/29 11:44:04 | 000,921,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %PROGRAMFILES%\* > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program 
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6600

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/05/2011 23:44:53
mbam-log-2011-05-17 (23-44-53).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 302629
Time elapsed: 1 hour(s), 21 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.mirarsearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\Steph\application data\dealassistant (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\Steph\application data\dealassistant\config.cfg (Trojan.Agent) -> Quarantined and deleted successfully.

I look forward to hearing from you. Many thanks... :)
  7. Thank you! That's really helpful! I guess I'll wait to see what Starbuck says... I did a full security scan using my McAfee and it said nothing was found, but I don't know if that includes the possible key-logger software that you mentioned. Thank you very much. xxx
  8. I'm hoping a computer whizz can advise me..... I've just had a call from someone from 'Online PC Masters' claiming to be a company providing technical support to Microsoft customers. They said an error message had been sent to them from my computer saying it is infected with a trojan virus. They said this trojan virus cannot be detected by other protection software (I have McAfee and am with BT). Stupidly stupidly stupidly I allowed him remote access to my computer, which he used to download something called PC Optimizer Pro. This ran a 'scan' and showed me all of the 'errors' and 'corrupt' files that are on my computer. After that he uninstalled PC Optimizer Pro and stopped the remote access and proceeded to tell me that I should buy this software for £79.95, which will protect me for life, blah blah blah. By this stage I realised it was a scam and refused to pay, giving an excuse that I should ask the rest of my family, etc. It is a scam which I have since googled, and many people have reported the same sort of phone calls. I am worried that I gave him remote access. Please can someone tell me if that will have damaged my computer in any way? Will he have put a virus on it? Or has he now got access to my personal information? Has he or can he now hack into my computer whenever he wants? As you can tell, I'm feeling rather stressed. Can someone please advise me on this? Many thanks!!! xxx