foxhannah
Experience: beginner | System: windows_xp_home
Hello - here are the results of the scan:

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\eyeBeam SIP Client deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MsnMsgr deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\updateMgr deleted successfully.
File oft XML Parser for Java http://file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Hannah Fox\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Hannah Fox\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 882937 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 82322 bytes

User: Hannah Fox
->Temp folder emptied: 157553753 bytes
->Temporary Internet Files folder emptied: 39905071 bytes
->Java cache emptied: 8193072 bytes
->Google Chrome cache emptied: 9830167 bytes
->Flash cache emptied: 2905825 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 9445265 bytes
%systemroot%\System32 .tmp files removed: 4370961 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44284991 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 265.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Hannah Fox
->Flash cache emptied: 0 bytes

User: Administrator

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 07192011_205625

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Hannah Fox\Local Settings\Temp\~DFFB0A.tmp not found!
File\Folder C:\Documents and Settings\Hannah Fox\Local Settings\Temp\~DFFB8C.tmp not found!
File\Folder C:\Documents and Settings\Hannah Fox\Local Settings\Temp\~DFFCC9.tmp not found!
File\Folder C:\Documents and Settings\Hannah Fox\Local Settings\Temp\~DFFCD7.tmp not found!
File\Folder C:\Documents and Settings\Hannah Fox\Local Settings\Temp\~DFFE65.tmp not found!
File\Folder C:\Documents and Settings\Hannah Fox\Local Settings\Temp\~DFFEB5.tmp not found!
C:\Documents and Settings\Hannah Fox\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\Hannah Fox\Local Settings\Temporary Internet Files\Content.IE5\JC98QI1Z\trk[1].htm moved successfully.
C:\Documents and Settings\Hannah Fox\Local Settings\Temporary Internet Files\Content.IE5\4H9VV4WE\mail[1].htm moved successfully.
C:\Documents and Settings\Hannah Fox\Local Settings\Temporary Internet Files\Content.IE5\4H9VV4WE\uizeIGbtPUaxj0N_LsZKLg[1].htm moved successfully.
C:\Documents and Settings\Hannah Fox\Local Settings\Temporary Internet Files\Content.IE5\C8509RB3\mail[1].htm moved successfully.
C:\Documents and Settings\Hannah Fox\Local Settings\Temporary Internet Files\Content.IE5\C8509RB3\universal[1].html moved successfully.
C:\Documents and Settings\Hannah Fox\Local Settings\Temporary Internet Files\Content.IE5\C8509RB3\mail[2].htm moved successfully.
C:\Documents and Settings\Hannah Fox\Local Settings\Temporary Internet Files\Content.IE5\C8509RB3\sh46[1].html moved successfully.
C:\Documents and Settings\Hannah Fox\Local Settings\Temporary Internet Files\Content.IE5\C8509RB3\11921-Worried-about-virus-in-computer-after-dodgy-telephone-scam[1].htm moved successfully.
C:\Documents and Settings\Hannah Fox\Local Settings\Temporary Internet Files\Content.IE5\W1DYHR26\tescodiets_com[1].htm moved successfully.
C:\Documents and Settings\Hannah Fox\Local Settings\Temporary Internet Files\Content.IE5\W1DYHR26\dp2_specificclick_net[1].htm moved successfully.
C:\Documents and Settings\Hannah Fox\Local Settings\Temporary Internet Files\Content.IE5\W1DYHR26\ads[2].htm moved successfully.
C:\Documents and Settings\Hannah Fox\Local Settings\Temporary Internet Files\Content.IE5\Z1LSTA4P\homepage[1].html moved successfully.
C:\Documents and Settings\Hannah Fox\Local Settings\Temporary Internet Files\Content.IE5\Z1LSTA4P\ads[2].htm moved successfully.
C:\Documents and Settings\Hannah Fox\Local Settings\Temporary Internet Files\Content.IE5\IW7T748F\pix[1].htm moved successfully.
C:\Documents and Settings\Hannah Fox\Local Settings\Temporary Internet Files\Content.IE5\IW7T748F\4831_iframe_01[1].html moved successfully.

Registry entries deleted on Reboot...

Thanks!
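An added example, not part of foxhannah's posts and not OTL's own code: a small Python triage pass over OTL-style lines that flags the indicator types the two logs in this thread show, namely a loopback proxy left in Internet Settings, O3 toolbar entries with no CLSID class behind them, O4 Run entries pointing at files that no longer exist, O15 trusted-zone additions, an O16 DPF entry whose codebase is a local file:// path, and Security Center monitoring switched off. The sample lines are constructed to mirror the posted logs; the severities and the KNOWN_TRUSTED allowlist are assumptions for illustration, and the proxy rule is rated high only when ProxyEnable is 1, since a ProxyServer value with ProxyEnable = 0 is residue rather than an active interception point.

```python
import re

# Constructed sample lines modelled on the OTL output posted in this thread;
# not a real capture. Backslashes are literal, hence the raw string.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25386
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [updateMgr] File not found
O15 - HKCU\..Trusted Domains: activextool.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O16 - DPF: Microsoft XML Parser for Java http://file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
"DisableMonitoring" = 1
"""

# Hosts the machine owner is assumed to have trusted deliberately (an assumption
# made for this example; adjust per machine).
KNOWN_TRUSTED = {"facebook.com"}

PROXY_RE = re.compile(r'Internet Settings: "(ProxyEnable|ProxyServer)" = (.*)$')
TRUSTED_RE = re.compile(r"Trusted Domains: (\S+) \(\[([^\]]*)\]\s*(https?) in")


def triage(log_text, known_trusted=KNOWN_TRUSTED):
    """Return (severity, rule, detail) tuples for suspicious OTL-style lines."""
    findings = []
    proxy = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.search(line)
        if m:
            # Collect proxy settings first; they are judged together below.
            proxy[m.group(1)] = m.group(2).strip()
        elif line.startswith("O3 ") and "No CLSID value found" in line:
            # Toolbar registered under IE whose CLSID class is gone: leftover of
            # something removed (or never properly registered), worth deleting.
            findings.append(("medium", "orphaned-toolbar", line))
        elif line.startswith("O4 ") and line.endswith("File not found"):
            # Autostart entry whose target no longer exists.
            findings.append(("low", "orphaned-run-entry", line))
        elif line.startswith("O15 "):
            t = TRUSTED_RE.search(line)
            if t:
                host, sub, scheme = t.groups()
                if host not in known_trusted or scheme == "http":
                    label = f"{sub + '.' if sub else ''}{host} via {scheme}"
                    findings.append(("medium", "trusted-zone-entry", label))
        elif line.startswith("O16 ") and "file://" in line.lower():
            # Downloaded Program Files entry whose codebase is a local path.
            findings.append(("medium", "local-dpf-codebase", line))
        elif re.search(r'"DisableMonitoring" = 1\b', line):
            findings.append(("high", "security-center-monitoring-off", line))

    server = proxy.get("ProxyServer", "")
    if re.search(r"127\.0\.0\.1:\d+", server):
        # A loopback proxy on a high port is the classic local traffic-interception
        # pattern; it only bites while ProxyEnable is 1, but residue is still cleared.
        sev = "high" if proxy.get("ProxyEnable") == "1" else "medium"
        detail = f"{server} (ProxyEnable={proxy.get('ProxyEnable', '?')})"
        findings.append((sev, "loopback-proxy", detail))
    return findings


if __name__ == "__main__":
    for sev, rule, detail in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {rule}: {detail}")
```

The rules are deliberately narrow string matches on OTL's own line prefixes (O3, O4, O15, O16), so the script is a reading aid for a posted log, not a replacement for the clean-up tool.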
Hello,

Here are the two scan reports after re-downloading OTL:

OTL logfile created on: 17/07/2011 13:44:20 - Run 2
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Documents and Settings\Hannah Fox\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

502.05 Mb Total Physical Memory | 200.77 Mb Available Physical Memory | 39.99% Memory free
1.20 Gb Paging File | 0.81 Gb Available in Paging File | 67.45% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.38 Gb Total Space | 1.38 Gb Free Space | 5.22% Space Free | Partition Type: FAT32
Drive D: | 26.55 Gb Total Space | 26.45 Gb Free Space | 99.61% Space Free | Partition Type: FAT32

Computer Name: HANNAHFOX | User Name: Hannah Fox | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Hannah Fox\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe (Motive Communications, Inc.)
PRC - C:\Program Files\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Program Files\acer\eRecovery\Monitor.exe (acer Inc.)
PRC - C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)
PRC - C:\Acer\ePM\EPM-DM.exe (Acer Inc)
PRC - C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Hannah Fox\Desktop\OTL.scr (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\vdmdbg.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\Motive\McciContextHook_5-0-0_DSR.dll (Motive Communications, Inc.)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)

========== Win32 Services (SafeList) ==========

SRV - (PEVSystemStart) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (anbmService) -- C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company)
DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows ® 2000 DDK provider)
DRV - (int15.sys) -- C:\Program Files\acer\eRecovery\int15.sys ()
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA)
DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camchal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camcaud.sys (Conexant Systems Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25386

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

O1 HOSTS File: ([2010/11/12 20:32:06 | 000,000,030 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [epm-dm] c:\Acer\ePM\EPM-DM.exe (Acer Inc)
O4 - HKLM..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [eRecoveryService] C:\Program Files\acer\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [eyeBeam SIP Client] File not found
O4 - HKCU..\Run: [MsnMsgr] File not found
O4 - HKCU..\Run: [updateMgr] File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: activextool.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: Microsoft XML Parser for Java http://file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Hannah Fox\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hannah Fox\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/30 12:23:20 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/17 13:43:26 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hannah Fox\Desktop\OTL.scr
[2011/07/12 23:09:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Fox\DoctorWeb
[2011/07/08 13:01:44 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2011/07/08 10:30:04 | 000,000,000 | --SD | C] -- C:\Combo-Fix26894C
[2011/07/08 10:29:00 | 000,000,000 | --SD | C] -- C:\Combo-Fix
[2011/07/08 10:16:34 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2011/07/07 22:05:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/07 22:02:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/07 22:02:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/07 22:02:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/07 22:02:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/07 22:01:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/07 22:00:33 | 004,135,855 | R--- | C] (Swearware) -- C:\Documents and Settings\Hannah Fox\Desktop\Combo-Fix.exe
[2011/07/07 21:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Fox\Application Data\Avira
[2011/07/07 21:55:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/06 22:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/06 22:01:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/06 21:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/06 21:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/06 21:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/27 23:09:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/27 22:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/06/27 22:10:14 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/06/27 22:10:04 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/06/27 22:10:04 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/06/27 22:10:04 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/06/27 22:10:04 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/06/27 22:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/06/27 22:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/06/26 15:23:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Fox\Application Data\Malwarebytes
[2011/06/26 15:23:08 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/26 15:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/26 15:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/26 15:22:58 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/26 15:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/26 08:16:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\N360_BACKUP
[2011/06/25 18:03:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/06/17 21:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/06/17 21:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/17 20:56:45 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/17 20:56:43 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/06/17 20:56:42 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/17 20:56:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/17 20:56:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/17 20:30:18 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/17 13:43:24 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hannah Fox\Desktop\OTL.scr
[2011/07/15 06:51:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2011/07/15 06:48:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/15 06:46:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/15 06:46:04 | 526,503,936 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/15 06:41:54 | 000,000,305 | ---- | M] () -- C:\Documents and Settings\Hannah Fox\Desktop\DrWeb.csv
[2011/07/13 22:43:16 | 000,228,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 03:01:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/12 23:31:40 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/11 22:31:08 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/07/09 13:19:32 | 070,454,720 | ---- | M] () -- C:\Documents and Settings\Hannah Fox\Desktop\drweb-cureit.exe
[2011/07/08 10:29:26 | 004,135,855 | R--- | M] (Swearware) -- C:\Documents and Settings\Hannah Fox\Desktop\Combo-Fix.exe
[2011/07/07 22:05:16 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/06 21:59:42 | 000,001,450 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/30 22:16:48 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/06/30 22:16:48 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/06/27 22:12:06 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/06/26 15:23:16 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/26 15:17:54 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Hannah Fox\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/25 18:52:34 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/15 06:38:11 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\Hannah Fox\Desktop\DrWeb.csv
[2011/07/11 22:31:07 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2011/07/11 22:31:07 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/07/09 13:19:30 | 070,454,720 | ---- | C] () -- C:\Documents and Settings\Hannah Fox\Desktop\drweb-cureit.exe
[2011/07/07 22:05:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/07 22:05:07 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/07 22:02:15 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/07 22:02:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/07 22:02:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/07 22:02:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/07 22:02:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/06 22:02:09 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/06 21:59:40 | 000,001,450 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/27 22:12:03 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/06/26 15:23:14 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/26 15:17:53 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Hannah Fox\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/25 18:52:38 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/10/03 17:24:09 | 000,048,488 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/01/01 15:36:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2009/01/01 15:22:46 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/01/01 15:22:46 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/01/01 15:22:46 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/01/01 15:22:46 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/01/01 15:22:46 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/01/01 15:22:46 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/01/01 15:22:46 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/01/01 15:22:46 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/01/01 15:22:46 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/01/01 15:22:46 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/01/01 15:22:46 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/01/01 15:22:45 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/01/01 15:22:45 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/01/01 15:22:45 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/01/01 15:22:45 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/01/01 15:22:45 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/01/01 15:22:45 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/01/01 15:22:45 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/01/01 15:22:45 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006/11/11 21:23:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/11/11 21:20:47 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/07/08 19:10:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2006/01/20 19:44:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/10 20:21:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Hannah Fox\Application Data\wklnhst.dat
[2006/01/10 07:45:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2005/03/30 13:05:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/30 12:59:27 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/03/30 12:59:26 | 000,000,313 | ---- | C] () -- C:\WINDOWS\uninstall.ini
[2005/03/30 12:59:26 | 000,000,222 | ---- | C] () -- C:\WINDOWS\FlashSaver.dat
[2005/03/30 12:23:43 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/03/30 12:22:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/03/30 12:22:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/03/30 12:22:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/03/30 12:22:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/03/30 11:59:38 | 000,037,776 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/03/30 11:59:37 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2005/03/30 11:58:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/03/30 11:52:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/03/30 11:51:12 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/03/30 11:46:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/03/30 11:45:34 | 000,228,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/30 11:38:53 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2005/03/30 11:38:53 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2005/03/30 11:38:53 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2005/03/30 11:38:53 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2005/03/30 11:38:53 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2005/03/30 11:38:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/03/30 11:38:32 | 000,313,514 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/03/30 11:38:32 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/03/30 11:38:32 | 000,041,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/03/30 11:38:32 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/03/30 11:38:29 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/30 11:38:29 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/03/30 11:38:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/03/30 11:38:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/03/30 11:38:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/03/30 11:38:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/03/30 11:38:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1980/01/01 00:00:00 | 000,589,824 | ---- | C] () -- C:\WINDOWS\ANTIV.EXE
[1980/01/01 00:00:00 | 000,002,790 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[1980/01/01 00:00:00 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ALaunch.ini

< End of report >

OTL Extras logfile created on: 17/07/2011 13:44:20 - Run 2
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Documents and Settings\Hannah Fox\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

502.05 Mb Total Physical Memory | 200.77 Mb Available Physical Memory | 39.99% Memory free
1.20 Gb Paging File | 0.81 Gb Available in Paging File | 67.45% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.38 Gb Total Space | 1.38 Gb Free Space | 5.22% Space Free | Partition Type: FAT32
Drive D: | 26.55 Gb Total Space | 26.45 Gb Free Space | 99.61% Space Free | Partition Type: FAT32

Computer Name: HANNAHFOX | User Name: Hannah Fox | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! 
FT Server "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "C:\Documents and Settings\All Users\Application Data\b2c788\ISb2c_302.exe" = C:\Documents and Settings\All Users\Application Data\b2c788\ISb2c_302.exe:*:Enabled:Internet Security Suite "C:\Program Files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe" = C:\Program Files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe:*:Enabled:Norton Security Scan ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0 "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Arcade 3.0 "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 26 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 
4 "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePowerManagement "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes "{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile "{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = TIxx21 "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0 "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_00661025" = SoftV92 Data Fax Modem with SmartCP "Conexant PCI Audio" = Conexant AC-Link Audio "GridVista" = Acer GridVista "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4 "InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook "InstallShield_{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = Texas Instruments PCIxx21/x515 drivers. 
"LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "SynTPDeinstKey" = Synaptics Pointing Device Driver "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 18/06/2011 15:40:23 | Computer Name = HANNAHFOX | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 19/06/2011 04:42:22 | Computer Name = HANNAHFOX | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established Error - 19/06/2011 04:45:11 | Computer Name = HANNAHFOX | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Error - 27/06/2011 17:14:05 | Computer Name = HANNAHFOX | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. 
Error - 28/06/2011 00:29:47 | Computer Name = HANNAHFOX | Source = Application Hang | ID = 1002 Description = Hanging application OTL.scr, version 3.2.24.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 28/06/2011 17:11:34 | Computer Name = HANNAHFOX | Source = Application Hang | ID = 1002 Description = Hanging application OTL.scr, version 3.2.24.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 05/07/2011 14:10:23 | Computer Name = HANNAHFOX | Source = Application Hang | ID = 1002 Description = Hanging application avnotify.exe, version 10.0.10.16, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 09/07/2011 08:12:53 | Computer Name = HANNAHFOX | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 09/07/2011 08:12:53 | Computer Name = HANNAHFOX | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 12/07/2011 20:46:18 | Computer Name = HANNAHFOX | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. [ System Events ] Error - 08/07/2011 08:09:59 | Computer Name = HANNAHFOX | Source = Dhcp | ID = 1002 Description = The IP address lease 10.240.200.10 for the Network Card with network address 0013CE70F320 has been denied by the DHCP server 10.218.204.73 (The DHCP Server sent a DHCPNACK message). Error - 08/07/2011 08:10:21 | Computer Name = HANNAHFOX | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. 
The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 08/07/2011 08:10:21 | Computer Name = HANNAHFOX | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error - 08/07/2011 08:11:22 | Computer Name = HANNAHFOX | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 08/07/2011 08:11:22 | Computer Name = HANNAHFOX | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time. Error - 09/07/2011 13:04:08 | Computer Name = HANNAHFOX | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.149 for the Network Card with network address 0013CE70F320 has been denied by the DHCP server 10.240.200.9 (The DHCP Server sent a DHCPNACK message). Error - 09/07/2011 13:08:01 | Computer Name = HANNAHFOX | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect. 
Error - 09/07/2011 13:08:01 | Computer Name = HANNAHFOX | Source = Service Control Manager | ID = 7000 Description = The IMAPI CD-Burning COM Service service failed to start due to the following error: %%1053 Error - 11/07/2011 04:34:51 | Computer Name = HANNAHFOX | Source = ipnathlp | ID = 32003 Description = The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code. Error - 15/07/2011 01:46:17 | Computer Name = HANNAHFOX | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.171 for the Network Card with network address 0013CE70F320 has been denied by the DHCP server 10.240.200.9 (The DHCP Server sent a DHCPNACK message). < End of report > Thanks!
-
Hello again,

Finally got round to running the Dr Web scans - below is the report - it saved it as an Excel file so I have copied the text...

OTL.scr;C:\Documents and Settings\Hannah Fox\Desktop;Trojan.Siggen2.43612;Incurable.Moved.;
A0067195.scr;C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP516;Trojan.Siggen2.43612;Incurable.Moved.;
VikPev00;C:\Combo-Fix26894C;Probably MACRO.SCRIPT.Virus;Incurable.Deleted.;

The scan seemed to pick up three things - one of which was the OTL program which I had originally downloaded, so that's now disappeared off my desktop. Is my computer sorted now? :)

Thanks!
Hannah
-
still no luck

Hello,

Re the above, downloaded as asked and a window with a C: came up (black background). The message said it was checking the computer and that it might take up to 10 minutes, but possibly double that time if there is lots of spyware etc. on the computer. Two and a half hours later the message is still up there and there is no report. I made sure I didn't click the window, or even touch the mouse. I don't think the page had frozen because the cursor kept blinking, but in the end I needed to do other stuff on my computer, so I switched it off at the switch to reboot it. Am I being impatient? :mad: Or is my computer just chocca full of viruses? :confused: Is this something that needs to run overnight? Sorry to keep coming back to you with problems!

Hannah
-
Next steps

Hello,

Sorry for not getting back to you sooner with the reports... So, I followed step 1, and uninstalled Norton 360 and installed Avira and ran a scan - not sure if you want the scan, but let me know if you do and I can put it in the next post. I then went on to the next step, and ran OTL and pasted the code in and pressed Run Fix. But that's where the prob arrives - I've run this scan twice and both times my computer has completely frozen up. :confused: It's like it stops scanning, and this is after letting it run for ages (the first time I ran the scan, I left my laptop on for about 7 hours overnight and when I woke up it was still at the same point). The only way I could get past the non-responding stage was by doing ctrl alt del, getting the task manager and stopping it that way and then restarting. So, I'm afraid I don't have another OTL report, but let me know if you think I'm doing something wrong (I literally just pasted the code straight into the box - didn't change it etc.). I've also downloaded and run TDSSKiller - it didn't seem to find any problems - the report is below:
Any ideas on what to do next? Many thanks for your help!

Hannah :)
-
Hello Starbuck et al,

Thanks for replying to my query - have done as you suggested and below are the reports:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6954

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

26/06/2011 18:51:09
mbam-log-2011-06-26 (18-51-09).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 210796
Time elapsed: 2 hour(s), 26 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 17
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\0 (Security.Hijack) -> Value: 0 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 (Security.Hijack) -> Value: 1 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\2 (Security.Hijack) -> Value: 2 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 (Security.Hijack) -> Value: 3 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 (Security.Hijack) -> Value: 4 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\5 (Security.Hijack) -> Value: 5 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\6 (Security.Hijack) -> Value: 6 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\7 (Security.Hijack) -> Value: 7 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\8 (Security.Hijack) -> Value: 8 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\9 (Security.Hijack) -> Value: 9 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\10 (Security.Hijack) -> Value: 10 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\11 (Security.Hijack) -> Value: 11 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\12 (Security.Hijack) -> Value: 12 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\13 (Security.Hijack) -> Value: 13 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\14 (Security.Hijack) -> Value: 14 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\15 (Security.Hijack) -> Value: 15 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Internet Security Suite (Rogue.InternetSecuritySuite) -> Value: Internet Security Suite -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\hannah fox\Desktop\internet security suite.lnk (Rogue.Link) -> Quarantined and deleted successfully.
c:\documents and settings\hannah fox\application data\microsoft\internet explorer\quick launch\internet security suite.lnk (Rogue.InternetSecuritySuite) -> Quarantined and deleted successfully.
c:\documents and settings\hannah fox\start menu\internet security suite.lnk (Rogue.InternetSecuritySuite) -> Quarantined and deleted successfully.
c:\documents and settings\hannah fox\start menu\Programs\internet security suite.lnk (Rogue.InternetSecuritySuite) -> Quarantined and deleted successfully.

OTL logfile created on: 26/06/2011 23:02:35 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Hannah Fox\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

502.05 Mb Total Physical Memory | 202.61 Mb Available Physical Memory | 40.36% Memory free
1.20 Gb Paging File | 0.82 Gb Available in Paging File | 68.89% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.38 Gb Total Space | 2.15 Gb Free Space | 8.16% Space Free | Partition Type: FAT32
Drive D: | 26.55 Gb Total Space | 26.45 Gb Free Space | 99.61% Space Free | Partition Type: FAT32

Computer Name: HANNAHFOX | User Name: Hannah Fox | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Hannah Fox\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe (Symantec Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe (Motive Communications, Inc.)
PRC - C:\Program Files\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Program Files\acer\eRecovery\Monitor.exe (acer Inc.)
PRC - C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)
PRC - C:\Acer\ePM\EPM-DM.exe (Acer Inc)
PRC - C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Hannah Fox\Desktop\OTL.scr (OldTimer Tools)
MOD - C:\Program Files\Norton 360\Engine\5.1.0.29\asoehook.dll (Symantec Corporation)
MOD - C:\WINDOWS\system32\mfc42.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton 360\Engine\5.1.0.29\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton 360\Engine\5.1.0.29\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\vdmdbg.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\hid.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\Motive\McciContextHook_5-0-0_DSR.dll (Motive Communications, Inc.)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
MOD - C:\Program Files\CyberLink\Shared Files\CLRCEngine.dll (CyberLink Corp.)

========== Win32 Services (SafeList) ==========

SRV - (MpfService) -- File not found
SRV - (McSysmon) -- File not found
SRV - (McShield) -- File not found
SRV - (McNASvc) -- File not found
SRV - (McAfee SiteAdvisor Service) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (anbmService) -- C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)

========== Driver Services (SafeList) ==========

DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110624.050\IDSXpx86.sys (Symantec Corporation)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110626.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110626.002\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110616.003\BHDrvx86.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company)
DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows ® 2000 DDK provider)
DRV - (int15.sys) -- C:\Program Files\acer\eRecovery\int15.sys ()
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA)
DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camchal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camcaud.sys (Conexant Systems Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25386

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/06/25 16:50:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011/05/14 17:41:18 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010/11/12 20:32:06 | 000,000,030 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [epm-dm] c:\Acer\ePM\EPM-DM.exe (Acer Inc)
O4 - HKLM..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [eRecoveryService] C:\Program Files\acer\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [eyeBeam SIP Client] File not found
O4 - HKCU..\Run: [MsnMsgr] File not found
O4 - HKCU..\Run: [updateMgr] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: activextool.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: Microsoft XML Parser for Java http://file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Hannah Fox\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hannah Fox\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/30 12:23:20 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/26 22:59:18 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hannah Fox\Desktop\OTL.scr
[2011/06/26 15:23:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Fox\Application Data\Malwarebytes
[2011/06/26 15:23:08 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/26 15:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/26 15:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/26 15:22:58 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/26 15:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/26 08:16:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\N360_BACKUP
[2011/06/25 18:03:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/06/17 21:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/06/17 21:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/17 20:56:45 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/17 20:56:43 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/06/17 20:56:42 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/17 20:56:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/17 20:56:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/17 20:30:18 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/26 22:59:26 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hannah Fox\Desktop\OTL.scr
[2011/06/26 18:59:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2011/06/26 18:59:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/26 18:57:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/26 18:57:32 | 526,503,936 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/26 15:23:16 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/26 15:17:54 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Hannah Fox\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/25 18:52:34 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/06/18 20:58:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/08 21:32:24 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/26 15:23:14 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/26 15:17:53 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Hannah Fox\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/25 18:52:38 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/10/03 17:24:09 | 000,048,488 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/01/01 15:36:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2009/01/01 15:22:46 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/01/01 15:22:46 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/01/01 15:22:46 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/01/01 15:22:46 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/01/01 15:22:46 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/01/01 15:22:46 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/01/01 15:22:46 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/01/01 15:22:46 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/01/01 15:22:46 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/01/01 15:22:46 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/01/01 15:22:46 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/01/01 15:22:45 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/01/01 15:22:45 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/01/01 15:22:45 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/01/01 15:22:45 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/01/01 15:22:45 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/01/01 15:22:45 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/01/01 15:22:45 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/01/01 15:22:45 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006/11/11 21:23:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/11/11 21:20:47 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/07/08 19:10:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2006/01/20 19:44:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/10 20:21:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Hannah Fox\Application Data\wklnhst.dat
[2006/01/10 07:45:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2005/03/30 13:05:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/30 12:59:27 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/03/30 12:59:26 | 000,000,313 | ---- | C] () -- C:\WINDOWS\uninstall.ini
[2005/03/30 12:59:26 | 000,000,222 | ---- | C] () -- C:\WINDOWS\FlashSaver.dat
[2005/03/30 12:23:43 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/03/30 12:22:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/03/30 12:22:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/03/30 12:22:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/03/30 12:22:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/03/30 11:59:38 | 000,037,776 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/03/30 11:59:37 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2005/03/30 11:58:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/03/30 11:52:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/03/30 11:51:12 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/03/30 11:46:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/03/30 11:45:34 | 000,228,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/30 11:38:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/03/30 11:38:32 | 000,313,514 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/03/30 11:38:32 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/03/30 11:38:32 | 000,041,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/03/30 11:38:32 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/03/30 11:38:29 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/30 11:38:29 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/03/30 11:38:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/03/30 11:38:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/03/30 11:38:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/03/30 11:38:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/03/30 11:38:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1980/01/01 00:00:00 | 000,589,824 | ---- | C] () -- C:\WINDOWS\ANTIV.EXE
[1980/01/01 00:00:00 | 000,002,790 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[1980/01/01 00:00:00 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ALaunch.ini

========== LOP Check ==========

[2006/12/10 00:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2006/12/10 00:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/03/03 22:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/04/03 11:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/04/06 22:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/09/30 21:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/04/24 13:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/11/12 13:12:18 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\b2c788
[2010/11/12 13:13:18 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\ISIMCUVUDRS
[2006/01/10 20:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah Fox\Application Data\Template
[2006/12/10 00:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah Fox\Application Data\PC Suite
[2006/12/10 00:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah Fox\Application Data\Nokia
[2006/12/10 00:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah Fox\Application Data\DataLayer
[2008/03/04 20:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah Fox\Application Data\ubi.com
[2009/01/01 15:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah Fox\Application Data\Panasonic
[2009/01/10 10:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah Fox\Application Data\Leadertech
[2010/11/12 13:13:42 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Hannah Fox\Application Data\Internet Security Suite
[2010/11/13 15:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah Fox\Application Data\Tific

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2005/03/30 13:08:54 | 000,000,076 | RHS- | M] () -- C:\PRELOAD.AAA
[2008/12/29 09:35:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/09/07 16:54:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/04/13 09:44:34 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/06/25 18:52:34 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2005/03/30 11:54:50 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/03/30 12:23:20 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/03/30 11:54:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/03/30 11:54:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/06/26 18:57:18 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2011/06/26 18:57:32 | 526,503,936 | -HS- | M] () -- C:\hiberfil.sys
[2008/09/07 16:54:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/09/14 11:13:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/09/14 11:13:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/10/17 23:09:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/10/17 23:09:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/10/26 15:17:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/10/26 15:17:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/11/02 22:38:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/11/02 22:38:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/11/14 19:00:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/11/14 19:00:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/12/14 11:05:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2008/12/14 11:05:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2008/12/19 16:37:58 | 000,000,000 | ---- | M] () -- C:\PrMgrAPI.log
[2006/01/11 11:43:12 | 000,000,006 | ---- | M] () -- C:\ISACER.ID
[2008/12/14 11:20:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/12/14 11:20:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/12/14 12:38:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/12/14 12:38:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm [2008/12/14 13:28:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm [2008/12/14 13:28:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm [2008/12/16 01:32:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm [2008/12/16 01:32:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm [2008/12/18 21:27:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm [2008/12/18 21:27:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm [2008/12/19 15:13:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm [2008/12/19 15:13:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm [2008/12/19 15:40:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm [2008/12/19 15:40:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm [2008/12/19 16:50:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm [2008/12/19 16:50:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm [2008/12/20 10:55:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm [2008/12/20 10:55:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm [2008/12/28 21:44:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm [2008/12/28 21:44:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm [2008/12/28 22:34:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm [2008/12/28 22:34:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm [2008/12/29 09:08:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm [2008/12/29 09:08:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm [2008/12/29 09:35:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2005/03/30 11:45:10 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav [2005/03/30 11:45:10 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2005/03/30 11:45:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav < %PROGRAMFILES%\* > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/04/30 12:21:08 | 000,173,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/04/30 12:21:08 | 000,173,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/04/30 12:21:08 | 000,173,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/04/30 12:21:08 | 000,173,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/04/30 12:21:08 | 000,173,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/04/30 12:21:08 | 000,173,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < End of report > OTL Extras logfile created on: 26/06/2011 23:02:35 - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Hannah Fox\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 502.05 Mb Total Physical Memory | 202.61 Mb Available Physical Memory | 40.36% Memory free 1.20 Gb Paging File | 0.82 Gb Available in Paging File | 68.89% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 26.38 Gb Total Space | 2.15 Gb Free Space | 8.16% Space Free | Partition Type: FAT32 Drive D: | 26.55 Gb Total Space | 26.45 Gb Free Space | 99.61% Space Free | Partition Type: FAT32 Computer Name: HANNAHFOX | User Name: Hannah Fox 
| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System 
Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! 
FT Server "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "C:\Documents and Settings\All Users\Application Data\b2c788\ISb2c_302.exe" = C:\Documents and Settings\All Users\Application Data\b2c788\ISb2c_302.exe:*:Enabled:Internet Security Suite "C:\Program Files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe" = C:\Program Files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe:*:Enabled:Norton Security Scan ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0 "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Arcade 3.0 "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 26 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 
4 "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePowerManagement "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile "{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = TIxx21 "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5 "{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player "CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_00661025" = SoftV92 Data Fax Modem with SmartCP "Conexant PCI Audio" = Conexant AC-Link Audio "GridVista" = Acer GridVista "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4 "InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook "InstallShield_{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = Texas Instruments PCIxx21/x515 drivers. 
"LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "N360" = Norton 360 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "SynTPDeinstKey" = Synaptics Pointing Device Driver "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 14/05/2011 19:12:41 | Computer Name = HANNAHFOX | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 16485 Error - 14/05/2011 20:13:00 | Computer Name = HANNAHFOX | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 14/05/2011 20:13:00 | Computer Name = HANNAHFOX | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3636188 Error - 14/05/2011 20:13:00 | Computer Name = HANNAHFOX | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3636188 Error - 15/05/2011 10:25:30 | Computer Name = HANNAHFOX | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 15/05/2011 10:25:30 | Computer Name = HANNAHFOX | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 16031 Error - 15/05/2011 10:25:30 | Computer Name = HANNAHFOX | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 16031 Error - 18/06/2011 15:40:23 | Computer Name = HANNAHFOX | Source = Application Hang | ID = 1002 Description = Hanging application 
iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 19/06/2011 04:42:22 | Computer Name = HANNAHFOX | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established Error - 19/06/2011 04:45:11 | Computer Name = HANNAHFOX | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. [ System Events ] Error - 26/06/2011 09:21:47 | Computer Name = HANNAHFOX | Source = Service Control Manager | ID = 7000 Description = The McAfee Real-time Scanner service failed to start due to the following error: %%3 Error - 26/06/2011 09:21:47 | Computer Name = HANNAHFOX | Source = Service Control Manager | ID = 7000 Description = The McAfee Personal Firewall Service service failed to start due to the following error: %%3 Error - 26/06/2011 09:22:42 | Computer Name = HANNAHFOX | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect. Error - 26/06/2011 09:22:42 | Computer Name = HANNAHFOX | Source = Service Control Manager | ID = 7000 Description = The HTTP SSL service failed to start due to the following error: %%1053 Error - 26/06/2011 13:57:39 | Computer Name = HANNAHFOX | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.106 for the Network Card with network address 0013CE70F320 has been denied by the DHCP server 10.155.18.217 (The DHCP Server sent a DHCPNACK message). 
Error - 26/06/2011 13:59:10 | Computer Name = HANNAHFOX | Source = Service Control Manager | ID = 7000 Description = The McAfee SiteAdvisor Service service failed to start due to the following error: %%3 Error - 26/06/2011 13:59:10 | Computer Name = HANNAHFOX | Source = Service Control Manager | ID = 7000 Description = The McAfee Network Agent service failed to start due to the following error: %%3 Error - 26/06/2011 13:59:10 | Computer Name = HANNAHFOX | Source = Service Control Manager | ID = 7000 Description = The McAfee Real-time Scanner service failed to start due to the following error: %%3 Error - 26/06/2011 13:59:10 | Computer Name = HANNAHFOX | Source = Service Control Manager | ID = 7000 Description = The McAfee Personal Firewall Service service failed to start due to the following error: %%3 Error - 26/06/2011 13:59:10 | Computer Name = HANNAHFOX | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: IntelIde < End of report > Hope this is all the info you need, let me know if not and fingers crossed we can get it sorted! Thanks! Hannah
-
I'm based in the UK and I recently got a phone call claiming to be from Microsoft, saying they had received reports that my computer was highly infected with viruses. He told me to open up a window (some kind of program viewer) and then asked how many error messages I had. There were lots, and when I told him that he started saying 'oh my god, oh my god, your computer is highly infected'. I immediately panicked and allowed one of his 'technicians' to access my computer remotely. When he said I had lots of viruses and that they needed to clean them up, I immediately thought, how much is this going to cost? When I eventually got a figure from him (£179) I said that was a lot of money and I wasn't sure I could afford it. He started getting very pushy and saying I needed to get it sorted otherwise my computer would crash.

While he was talking to me, I started searching 'Microsoft telephone call scam' and found lots of forum posts saying they'd also received a call like this and that it was a scam as Microsoft never call you. A couple of times when I tried to click on these forum pages, the Internet Explorer window immediately shut down - wasn't sure if that was the technician closing them down remotely to try and stop me reading them! Anyway, I told the guy I needed to think about it, took his name (Ricky James, although he sounded Indian so I think that's fake) and number and hung up. The only info I provided to him was my name, mob number and email (which I'm still extremely worried about). Didn't send over any bank details etc.

I then terminated the remote access box that the 'technician' had been using. HOWEVER, I am absolutely TERRIFIED now that they've implanted some kind of virus or spyware, or that they're going to steal my identity. I've got the Norton 360 AV program and that hasn't picked anything up, but I'm still worried.

I'm not an especially savvy computer user (which is why I started to fall for the scam) and my computer has slowed down recently, which is why I thought initially that they were genuine. Please help!