Worried about virus in computer after dodgy telephone scam

foxhannah · June 26, 2011

I'm based in the UK and I recently got a phonecall claiming to be from microsoft, saying they had received reports that my computer was highly infected with viruses.

He told me to open up a window (some kind of program viewer) and then asked how many error messages I had. There were lots, and when I told him that he started saying 'oh my god, oh my god, your computer is highly infected'.

I immediately panicked and allowed one of his 'technicians' to access my computer remotely. When he said I had lots of viruses and that they needed to clean them up, I immediately thought, how much is this going to cost?

When I eventually got a figure from him (£179) I said that was a lot of money and I wasn't sure I could afford it. He started getting very pushy and saying I needed to get it sorted otherwise my computer would crash.

While he was talking to me, I started searching 'microsoft telephone call scam' and found lots of forum posts saying they'd also received a call like this and that it was a scam as Microsoft never call you. A couple of times when I tried to click on these forum pages, the internet explorer window immediately shut down - wasn't sure if that was the technician closing them down remotely to try and stop me reading them!

Anyway, I told the guy I needed to think about it, took his name (Ricky James, although he sounded Indian so I think that's fake) and number and hung up. The only info I provided to him was my name, mob number and email (which I'm still extremely worried about). Didn't send over any bank details etc. I then terminated the remote access box that the 'technician' had been using

HOWEVER, I am absolutely TERRIFIED now that they've implanted some kind of virus or spyware, or that they're going to steal my identity. I've got Norton 360 AV program and that hasn't picked anything up, but I'm still worried.

I'm not an especially savvy computer user (which is why I started to fall the scam) and I my computer has slowed down recently, which is why I thought initially that they were genuine.

Please help!

Wolf · June 26, 2011

Hello Foxy

Welcome to FPCH

Oh how I wish I got these kinds of calls as I'd take great delight in ripping their guts out with my claws and he would have got nothing out of me whatsoever.

If the guy had you install some obscure remote access software then remove it NOW.

After that let's have a look at your machine to see if it's clean.

Start by reading this link with regard to security.

http://extremetechsupport.com/threads/10689-Before-posting-for-Malware-Removal-help.

Edited June 26, 2011 by Wolf

KenB · June 26, 2011

Just to allay your fears:

The scam is to get you to part with your cash ( which thankfully you didn't ).

It is unlikely that they have put anything on your system - other than the software to give them remote access.

I assume that you have remeoved the installed software?

To confirm this I will PM one of our security experts and ask him to take a look at your system for you - just to be sure.

To be on the safe side I would advise that you change any passwords to banks etc.

I would also inform the banks / credit cards what had happened - they will have more advice.

If you don't keep delicate information on your system then you should be perfectly OK.

However, again just to be certain, DO NOT use that particular machine to access bank details etc. until you get the all clear from Starbuck or etravares

Starbuck · June 26, 2011

Hi foxhannah

KenB is correct when he says:

The scam is to get you to part with your cash ( which thankfully you didn't ).
It is unlikely that they have put anything on your system - other than the software to give them remote access.

I've checked systems before that had this done to them and in the past have found no actual malware installed.

But there's always a first time, so we shouldn't take anything for granted.

If you haven't already followed the link given by Wolf .... please follow these 2 steps.

Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
[*]Then click Finish.
[*]MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
[*]On the Scanner tab:
- Make sure the "Perform Full Scan" option is selected.
- Then click on the Scan button.
[*]If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
[*]The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
[*]When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
[*]Click OK to close the message box and continue with the removal process.
[*]Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
[*]The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
[*]Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Step 2

Download OTL to your desktop.
right click on the link and select 'Save Link/Target As'.

if you have problems, try this download link:
OTL
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check

.

http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

netsvcs

msconfig

%SYSTEMDRIVE%\*.*

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\system32\*.exe /lockedfiles

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\*

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

CREATERESTOREPOINT

right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
.
Click the Run Scan button.

http://img.photobucket.com/albums/v708/starbuck50/runscan.png
Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

In your next reply, please submit:

MBAM report

both reports from OTL

Thanks.

foxhannah · June 26, 2011

Hello Starbuck et al,

Thanks for replying to my query - have done as you suggested and below are the reports:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6954

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

26/06/2011 18:51:09

mbam-log-2011-06-26 (18-51-09).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 210796

Time elapsed: 2 hour(s), 26 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 17

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\0 (Security.Hijack) -> Value: 0 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 (Security.Hijack) -> Value: 1 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\2 (Security.Hijack) -> Value: 2 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 (Security.Hijack) -> Value: 3 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 (Security.Hijack) -> Value: 4 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\5 (Security.Hijack) -> Value: 5 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\6 (Security.Hijack) -> Value: 6 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\7 (Security.Hijack) -> Value: 7 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\8 (Security.Hijack) -> Value: 8 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\9 (Security.Hijack) -> Value: 9 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\10 (Security.Hijack) -> Value: 10 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\11 (Security.Hijack) -> Value: 11 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\12 (Security.Hijack) -> Value: 12 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\13 (Security.Hijack) -> Value: 13 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\14 (Security.Hijack) -> Value: 14 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\15 (Security.Hijack) -> Value: 15 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Internet Security Suite (Rogue.InternetSecuritySuite) -> Value: Internet Security Suite -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\hannah fox\Desktop\internet security suite.lnk (Rogue.Link) -> Quarantined and deleted successfully.

c:\documents and settings\hannah fox\application data\microsoft\internet explorer\quick launch\internet security suite.lnk (Rogue.InternetSecuritySuite) -> Quarantined and deleted successfully.

c:\documents and settings\hannah fox\start menu\internet security suite.lnk (Rogue.InternetSecuritySuite) -> Quarantined and deleted successfully.

c:\documents and settings\hannah fox\start menu\Programs\internet security suite.lnk (Rogue.InternetSecuritySuite) -> Quarantined and deleted successfully.

OTL logfile created on: 26/06/2011 23:02:35 - Run 1

OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Hannah Fox\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

502.05 Mb Total Physical Memory | 202.61 Mb Available Physical Memory | 40.36% Memory free

1.20 Gb Paging File | 0.82 Gb Available in Paging File | 68.89% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 26.38 Gb Total Space | 2.15 Gb Free Space | 8.16% Space Free | Partition Type: FAT32

Drive D: | 26.55 Gb Total Space | 26.45 Gb Free Space | 99.61% Space Free | Partition Type: FAT32

Computer Name: HANNAHFOX | User Name: Hannah Fox | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Hannah Fox\Desktop\OTL.scr (OldTimer Tools)

PRC - C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe (Symantec Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe (Motive Communications, Inc.)

PRC - C:\Program Files\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)

PRC - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)

PRC - C:\Program Files\acer\eRecovery\Monitor.exe (acer Inc.)

PRC - C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)

PRC - C:\Acer\ePM\EPM-DM.exe (Acer Inc)

PRC - C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)

PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Hannah Fox\Desktop\OTL.scr (OldTimer Tools)

MOD - C:\Program Files\Norton 360\Engine\5.1.0.29\asoehook.dll (Symantec Corporation)

MOD - C:\WINDOWS\system32\mfc42.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\Norton 360\Engine\5.1.0.29\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)

MOD - C:\Program Files\Norton 360\Engine\5.1.0.29\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\vdmdbg.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\hid.dll (Microsoft Corporation)

MOD - C:\Program Files\Common Files\Motive\McciContextHook_5-0-0_DSR.dll (Motive Communications, Inc.)

MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)

MOD - C:\Program Files\CyberLink\Shared Files\CLRCEngine.dll (CyberLink Corp.)

========== Win32 Services (SafeList) ==========

SRV - (MpfService) -- File not found

SRV - (McSysmon) -- File not found

SRV - (McShield) -- File not found

SRV - (McNASvc) -- File not found

SRV - (McAfee SiteAdvisor Service) -- File not found

SRV - (HidServ) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe (Symantec Corporation)

SRV - (anbmService) -- C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)

========== Driver Services (SafeList) ==========

DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110624.050\IDSXpx86.sys (Symantec Corporation)

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110626.002\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110626.002\NAVENG.SYS (Symantec Corporation)

DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110616.003\BHDrvx86.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS (Symantec Corporation)

DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS (Symantec Corporation)

DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS (Symantec Corporation)

DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS (Symantec Corporation)

DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS (Symantec Corporation)

DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS (Symantec Corporation)

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)

DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)

DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)

DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)

DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company)

DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA)

DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows ® 2000 DDK provider)

DRV - (int15.sys) -- C:\Program Files\acer\eRecovery\int15.sys ()

DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)

DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)

DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA)

DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camchal.sys (Conexant Systems Inc.)

DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camcaud.sys (Conexant Systems Inc.)

DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25386

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/06/25 16:50:40 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011/05/14 17:41:18 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010/11/12 20:32:06 | 000,000,030 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe (Motive Communications, Inc.)

O4 - HKLM..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)

O4 - HKLM..\Run: [epm-dm] c:\Acer\ePM\EPM-DM.exe (Acer Inc)

O4 - HKLM..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe (Acer Value Labs, Taiwan)

O4 - HKLM..\Run: [eRecoveryService] C:\Program Files\acer\eRecovery\Monitor.exe (acer Inc.)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [PCMService] C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKCU..\Run: [eyeBeam SIP Client] File not found

O4 - HKCU..\Run: [MsnMsgr] File not found

O4 - HKCU..\Run: [updateMgr] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: activextool.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: facebook.com ([www] http in Trusted sites)

O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)

O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: Microsoft XML Parser for Java http://file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Hannah Fox\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hannah Fox\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/03/30 12:23:20 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 0

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/26 22:59:18 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hannah Fox\Desktop\OTL.scr

[2011/06/26 15:23:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Fox\Application Data\Malwarebytes

[2011/06/26 15:23:08 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/06/26 15:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/06/26 15:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/06/26 15:22:58 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/06/26 15:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/06/26 08:16:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\N360_BACKUP

[2011/06/25 18:03:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2011/06/17 21:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2011/06/17 21:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011/06/17 20:56:45 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2011/06/17 20:56:43 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2011/06/17 20:56:42 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/06/17 20:56:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/06/17 20:56:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2011/06/17 20:30:18 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/26 22:59:26 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hannah Fox\Desktop\OTL.scr

[2011/06/26 18:59:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini

[2011/06/26 18:59:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/06/26 18:57:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/06/26 18:57:32 | 526,503,936 | -HS- | M] () -- C:\hiberfil.sys

[2011/06/26 15:23:16 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/06/26 15:17:54 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Hannah Fox\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/06/25 18:52:34 | 000,000,211 | RHS- | M] () -- C:\boot.ini

[2011/06/18 20:58:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/06/08 21:32:24 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/26 15:23:14 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/06/26 15:17:53 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Hannah Fox\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/06/25 18:52:38 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

[2009/10/03 17:24:09 | 000,048,488 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/01/01 15:36:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI

[2009/01/01 15:22:46 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2009/01/01 15:22:46 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat

[2009/01/01 15:22:46 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2009/01/01 15:22:46 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2009/01/01 15:22:46 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2009/01/01 15:22:46 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2009/01/01 15:22:46 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2009/01/01 15:22:46 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat

[2009/01/01 15:22:46 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat

[2009/01/01 15:22:46 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2009/01/01 15:22:46 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2009/01/01 15:22:45 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2009/01/01 15:22:45 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2009/01/01 15:22:45 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2009/01/01 15:22:45 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2009/01/01 15:22:45 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2009/01/01 15:22:45 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2009/01/01 15:22:45 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2009/01/01 15:22:45 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2006/11/11 21:23:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll

[2006/11/11 21:20:47 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat

[2006/07/08 19:10:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI

[2006/01/20 19:44:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/01/10 20:21:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Hannah Fox\Application Data\wklnhst.dat

[2006/01/10 07:45:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini

[2005/03/30 13:05:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/03/30 12:59:27 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini

[2005/03/30 12:59:26 | 000,000,313 | ---- | C] () -- C:\WINDOWS\uninstall.ini

[2005/03/30 12:59:26 | 000,000,222 | ---- | C] () -- C:\WINDOWS\FlashSaver.dat

[2005/03/30 12:23:43 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll

[2005/03/30 12:22:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll

[2005/03/30 12:22:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll

[2005/03/30 12:22:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll

[2005/03/30 12:22:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll

[2005/03/30 11:59:38 | 000,037,776 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2005/03/30 11:59:37 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe

[2005/03/30 11:58:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2005/03/30 11:52:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2005/03/30 11:51:12 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005/03/30 11:46:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005/03/30 11:45:34 | 000,228,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2005/03/30 11:38:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2005/03/30 11:38:32 | 000,313,514 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2005/03/30 11:38:32 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2005/03/30 11:38:32 | 000,041,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2005/03/30 11:38:32 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2005/03/30 11:38:29 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2005/03/30 11:38:29 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2005/03/30 11:38:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2005/03/30 11:38:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2005/03/30 11:38:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2005/03/30 11:38:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2005/03/30 11:38:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys

[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll

[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll

[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll

[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

[1980/01/01 00:00:00 | 000,589,824 | ---- | C] () -- C:\WINDOWS\ANTIV.EXE

[1980/01/01 00:00:00 | 000,002,790 | ---- | C] () -- C:\WINDOWS\ANTIV.INI

[1980/01/01 00:00:00 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ALaunch.ini

========== LOP Check ==========

[2006/12/10 00:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations

[2006/12/10 00:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2008/03/03 22:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom

[2009/04/03 11:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2009/04/06 22:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2009/09/30 21:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2010/04/24 13:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/11/12 13:12:18 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\b2c788

[2010/11/12 13:13:18 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\ISIMCUVUDRS

[2006/01/10 20:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah Fox\Application Data\Template

[2006/12/10 00:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah Fox\Application Data\PC Suite

[2006/12/10 00:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah Fox\Application Data\Nokia

[2006/12/10 00:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah Fox\Application Data\DataLayer

[2008/03/04 20:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah Fox\Application Data\ubi.com

[2009/01/01 15:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah Fox\Application Data\Panasonic

[2009/01/10 10:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah Fox\Application Data\Leadertech

[2010/11/12 13:13:42 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Hannah Fox\Application Data\Internet Security Suite

[2010/11/13 15:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah Fox\Application Data\Tific

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2005/03/30 13:08:54 | 000,000,076 | RHS- | M] () -- C:\PRELOAD.AAA

[2008/12/29 09:35:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm

[2008/09/07 16:54:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm

[2009/04/13 09:44:34 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2011/06/25 18:52:34 | 000,000,211 | RHS- | M] () -- C:\boot.ini

[2005/03/30 11:54:50 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2005/03/30 12:23:20 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT

[2005/03/30 11:54:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2005/03/30 11:54:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2011/06/26 18:57:18 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys

[2011/06/26 18:57:32 | 526,503,936 | -HS- | M] () -- C:\hiberfil.sys

[2008/09/07 16:54:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm

[2008/09/14 11:13:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm

[2008/09/14 11:13:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm

[2008/10/17 23:09:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm

[2008/10/17 23:09:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm

[2008/10/26 15:17:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm

[2008/10/26 15:17:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm

[2008/11/02 22:38:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm

[2008/11/02 22:38:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm

[2008/11/14 19:00:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm

[2008/11/14 19:00:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm

[2008/12/14 11:05:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

[2008/12/14 11:05:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm

[2008/12/19 16:37:58 | 000,000,000 | ---- | M] () -- C:\PrMgrAPI.log

[2006/01/11 11:43:12 | 000,000,006 | ---- | M] () -- C:\ISACER.ID

[2008/12/14 11:20:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

[2008/12/14 11:20:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm

[2008/12/14 12:38:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

[2008/12/14 12:38:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm

[2008/12/14 13:28:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm

[2008/12/14 13:28:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm

[2008/12/16 01:32:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm

[2008/12/16 01:32:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm

[2008/12/18 21:27:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm

[2008/12/18 21:27:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm

[2008/12/19 15:13:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm

[2008/12/19 15:13:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm

[2008/12/19 15:40:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm

[2008/12/19 15:40:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm

[2008/12/19 16:50:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm

[2008/12/19 16:50:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm

[2008/12/20 10:55:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm

[2008/12/20 10:55:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm

[2008/12/28 21:44:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm

[2008/12/28 21:44:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm

[2008/12/28 22:34:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm

[2008/12/28 22:34:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm

[2008/12/29 09:08:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm

[2008/12/29 09:08:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm

[2008/12/29 09:35:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >

[2005/03/30 11:45:10 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

[2005/03/30 11:45:10 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2005/03/30 11:45:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

< %PROGRAMFILES%\* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/04/30 12:21:08 | 000,173,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/04/30 12:21:08 | 000,173,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/04/30 12:21:08 | 000,173,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/04/30 12:21:08 | 000,173,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/04/30 12:21:08 | 000,173,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/04/30 12:21:08 | 000,173,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >

OTL Extras logfile created on: 26/06/2011 23:02:35 - Run 1