katybut, Posted May 17, 2011

I'm hoping a computer whizz can advise me..... I've just had a call from someone from 'Online PC Masters' claiming to be a company providing technical support to Microsoft customers. They said an error message had been sent to them from my computer saying it is infected with a trojan virus. They said this trojan virus cannot be detected by other protection software (I have McAfee and am with BT).

Stupidly stupidly stupidly I allowed him remote access to my computer which he used to download something called PC Optimizer Pro. This ran a 'scan' and showed me all of the 'errors' and 'corrupt' files that are on my computer. After that he uninstalled PC Optimizer Pro and stopped the remote access and proceeded to tell me that I should buy this software for £79.95 which will protect me for life, blah blah blah. By this stage I realised it was a scam and refused to pay, giving an excuse that I should ask the rest of my family, etc. It is a scam which I have since googled and many people have reported the same sort of phone calls.

I am worried that I gave him remote access. Please can someone tell me if that will have damaged my computer in any way? Will he have put a virus on it? Or has he now got access to my personal information? Has he or can he now hack into my computer whenever he wants?

As you can tell, I'm feeling rather stressed. Can someone please advise me on this? Many thanks!!! xxx
KenB, Posted May 17, 2011

Hi Katy and welcome to ExTS. Starbuck will be able to give you further information but for the time being ....

1. If you store information like passwords etc. to bank accounts on your computer, change them IMMEDIATELY, then contact your bank(s) and let them know what has happened. You should be able to block any unusual withdrawals.
2. If you keep credit card details then you need to contact your card provider too.

Quoting katybut: "Has he or can he now hack into my computer whenever he wants?"

Unlikely. If you have a router with a firewall (most do) and a software firewall then you should be OK. This is one for Starbuck.

Quoting katybut: "if that will have damaged my computer in any way?"

Unlikely. They are interested in your money, not damaging your system. However, Starbuck will be able to check out your system for you.

The main thing is stopping access to your accounts. Unless you keep these details on your system they should be OK - but as a precaution I would change passwords and inform card providers and take their advice.

There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !!
KenB, Posted May 17, 2011

One other thought ... If you are accessing your bank accounts DO NOT use this computer. Change the password from a different computer. They may have put key-logger software on your system and may be able to monitor key strokes. Do NOT use this computer for accessing your accounts until Starbuck gives the system the all clear.
katybut (Author), Posted May 17, 2011

Thank you! That's really helpful! I guess I'll wait to see what Starbuck says... I did a full security scan using my McAfee and it said nothing was found, but I don't know if that includes the possible key-logger software that you mentioned. Thank you very much. xxx
KenB, Posted May 17, 2011

I will ask him to take a look :)
Starbuck (ExTS Admin), Posted May 17, 2011

Thanks for the message and the help you have given Ken http://fc07.deviantart.net/images3/i/2004/146/9/1/Two_thumbs_up.gif

Hi katybut

Very good advice so far about changing any passwords (you can never be too careful).
Can you remember the date and approx. time this happened? (It'll help enormously when going through the reports.)
First we need to check your system before we can make any conclusions on what may have been done.

Step 1

Download TFC by OldTimer to your desktop.
Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
- Make sure you are connected to the Internet.
- Double-click on Download_mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  Update Malwarebytes' Anti-Malware
  Launch Malwarebytes' Anti-Malware
- Then click Finish.
- MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
- On the Scanner tab: make sure the "Perform Full Scan" option is selected. Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (See Note below.)
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Step 3

Download OTL to your desktop. Right click on the link and select 'Save Link/Target As'. If you have problems, try this download link: OTL
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
(Screenshot: http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png)

Now copy the lines below:

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
(Screenshot: http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png)
Click the Run Scan button.
(Screenshot: http://img.photobucket.com/albums/v708/starbuck50/runscan.png)
Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

In your next reply, please submit:
- MBAM report
- both reports from OTL

Thanks.

Member of: UNITE
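As an added example (not part of the thread, and not Starbuck's or OldTimer's code), here is a small Python parser for the Security Center and Firewall Settings sections of the Extras.Txt report that OTL writes, in the line layout seen in the log posted later in this thread. It flags a disabled Windows Firewall profile, globally open ports whose scope is wider than the local subnet, and lists the applications allowed through the firewall, so a helper can see at a glance what to check after an unwanted remote-access session. The sample report embedded in the block is constructed for the demonstration, and the section names, key/value layout and rule field order are assumptions based on the posted log.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the layout OTL's Extras.Txt uses (assumed from the
# log posted in this thread; the values below are made up for the demo).
SAMPLE_EXTRAS = r"""
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"5900:TCP" = 5900:TCP:*:Enabled:Constructed example rule
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Example\helper.exe" = C:\Program Files\Example\helper.exe:*:Enabled:Example Helper
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")   # ========== Name ==========
KEY_RE = re.compile(r"^\[(.+)\]$")              # [HKEY_...\Path]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name" = value

Sections = Dict[str, Dict[str, Dict[str, str]]]


def parse_otl_extras(text: str) -> Sections:
    """Return {section: {registry key: {value name: value}}}."""
    sections: Sections = {}
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            sections.setdefault(section, {})
            continue
        m = KEY_RE.match(line)
        if m and section is not None:
            key = m.group(1)
            sections[section].setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and section is not None and key is not None:
            sections[section][key][m.group(1)] = m.group(2).strip()
    return sections


def flag_findings(sections: Sections) -> List[str]:
    """Settings a helper would want to look at after a remote-access session."""
    findings: List[str] = []
    for key, values in sections.get("Firewall Settings", {}).items():
        if key.endswith("\\StandardProfile") and values.get("EnableFirewall") == "0":
            findings.append("Windows Firewall is disabled on the StandardProfile")
        if key.endswith("\\GloballyOpenPorts\\List"):
            for port, rule in values.items():
                # Assumed rule layout: port:proto:scope:state:description
                fields = rule.split(":")
                if len(fields) >= 4 and fields[2] != "LocalSubNet" and fields[3].lower() == "enabled":
                    findings.append(f"Port {port} is open beyond the local subnet ({rule})")
    for key, values in sections.get("Security Center Settings", {}).items():
        if values.get("DisableMonitoring") == "1":
            # Normal when a third-party product reports its own status; confirm it is running.
            findings.append(f"Security Center monitoring disabled under {key.split(chr(92))[-1]}")
    return findings


def list_authorized_apps(sections: Sections) -> List[Tuple[str, str, str, str]]:
    """(path, scope, state, description) for every program allowed through the firewall."""
    apps = []
    for key, values in sections.get("Authorized Applications List", {}).items():
        for _, rule in values.items():
            # rsplit keeps the drive-letter colon inside the path.
            parts = rule.rsplit(":", 3)
            if len(parts) == 4:
                apps.append(tuple(parts))
    return apps


if __name__ == "__main__":
    parsed = parse_otl_extras(SAMPLE_EXTRAS)
    for finding in flag_findings(parsed):
        print("FINDING:", finding)
    for app in list_authorized_apps(parsed):
        print("ALLOWED APP:", app)
```

To use it on a real report, replace SAMPLE_EXTRAS with the contents of Extras.Txt; the firewall-disabled check is the one most relevant to this thread, since the posted log shows the StandardProfile firewall switched off.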
katybut (Author), Posted May 17, 2011

Hi Starbuck, Thank you for all your help so far. I REALLY appreciate it!! It happened today, well yesterday now, Tue 17th May, at about 5.30pm. I've done everything you said and here are the results:

OTL Extras logfile created on: 17/05/2011 23:52:45 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Kerry\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1,022.00 Mb Total Physical Memory | 402.00 Mb Available Physical Memory | 39.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 277.07 Gb Total Space | 153.44 Gb Free Space | 55.38% Space Free | Partition Type: NTFS Drive D: | 21.01 Gb Total Space | 14.34 Gb Free Space | 68.27% Space Free | Partition Type: FAT32 Computer Name: BUTLER | User Name: Kerry | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service 
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\AOL 9.0\AOL.exe" = C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0 "C:\Program Files\AOL 9.0\WAOL.exe" = C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0 "C:\Program Files\Common Files\AOL\ACS\AOLACSD.exe" = C:\Program Files\Common Files\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service) "C:\Program Files\Common Files\AOL\ACS\AOLDIAL.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer) "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax "C:\Program Files\NetMeeting\Conf.exe" = C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation) "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\AOL 9.0\AOL.exe" = C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0 "C:\Program Files\AOL 9.0\WAOL.exe" = C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0 "C:\Program Files\Common Files\AOL\ACS\AOLACSD.exe" = C:\Program Files\Common Files\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service) "C:\Program Files\Common Files\AOL\ACS\AOLDIAL.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer) 
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax "C:\Program Files\NetMeeting\Conf.exe" = C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation) "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC) "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution "{095B0246-4EB6-45B9-B1BE-536097A0BDDA}" = HD Writer 2.5E for HDC "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 22 "{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1 "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print "{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{4A03706F-666A-4037-7777-5F2748764D10}" = 
Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5B8072B3-A576-4C0B-99BC-FAA7145A1033}" = Nero 7 Essentials "{5B893587-00A8-4A4E-83F0-8AFA7BFC7C1A}" = PVR Plus "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.0 "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 
Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar "{9D1C26BD-E792-4159-9D16-07EA222D8EF0}" = Windows Messenger 5.1 "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4 "{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3F24DCE-F48D-4525-BA3A-1E2361725C21}" = Mirar "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
1.0 "{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 5.0 "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery "{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance "{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN Card "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{F79A208D-D929-11D9-9D77-000129760D75}" = MagicDirector 1.2 "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3 "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6 "BT Yahoo! Applications" = BT Yahoo! Applications "cayahooantispy" = CA Yahoo! 
Anti-Spy (remove only) "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Creatix V.92 Data Fax Modem" = Creatix V.92 Data Fax Modem "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Printer and Utilities" = EPSON Printer Software "EPSON Scanner" = EPSON Scan "EPSON Stylus CX7300_CX8300_DX7400_DX8400 User’s Guide" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "IPA/SAM Phonetic Fonts_is1" = IPA/SAM Phonetics Fonts "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSC" = BT NetProtect Plus "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "Quick MPEG Splitter v2.0_is1" = Quick MPEG Splitter v2.0 "RealPlayer 6.0" = RealPlayer "TVEpaDrv" = DVD Maker WDM Drivers "ViewpointMediaPlayer" = Viewpoint Media Player "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMCSetup" = Windows Media Connect "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "X10Hardware" = X10 Hardware "ZTE_MF627_LEGACY_DRIVER_1.2059.0.4" = ZTE_MF627_USB_MODEM_1.2059.0.4 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06/05/2011 
OTL logfile created on: 17/05/2011 23:52:45 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Kerry\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
C:\sqmdata02.sqm [2008/10/30 22:55:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm [2008/11/01 13:49:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm [2008/11/07 19:51:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm [2008/11/07 19:57:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm [2008/11/07 20:09:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm [2008/11/12 23:37:10 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm [2008/11/19 21:03:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm [2008/11/24 11:04:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm [2008/11/28 22:08:57 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm [2008/11/28 22:12:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm [2008/11/28 22:16:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm [2008/11/28 22:21:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm [2008/11/28 22:22:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm [2008/11/28 22:25:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm [2009/01/04 21:29:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm [2009/01/04 21:40:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm [2008/10/28 08:52:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm [2008/10/28 09:12:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm [2008/10/30 20:35:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm [2008/10/30 20:42:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm [2008/10/30 22:55:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm [2008/11/01 13:49:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm [2008/11/07 19:51:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm [2008/11/07 19:57:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm [2008/11/07 20:09:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm [2008/11/12 23:37:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm [2008/11/19 21:03:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm [2008/11/24 11:04:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm [2008/11/28 
22:08:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm [2008/11/28 22:12:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm [2008/11/28 22:16:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm [2008/11/28 22:21:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm [2008/11/28 22:22:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm [2008/11/28 22:25:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm [2009/01/04 21:29:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm [2009/01/04 21:40:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm [2008/10/28 08:52:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll [2004/03/22 15:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008/04/14 01:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll [2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll [2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > [2006/09/29 11:44:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2006/09/29 11:44:04 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2006/09/29 11:44:04 | 000,921,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %PROGRAMFILES%\* > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program 
Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < > < > < > < End of report > Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6600 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 17/05/2011 23:44:53 mbam-log-2011-05-17 (23-44-53).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 302629 Time elapsed: 1 hour(s), 21 minute(s), 4 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 1 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items 
Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.mirarsearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully. Folders Infected: c:\documents and settings\Steph\application data\dealassistant (Trojan.Agent) -> Quarantined and deleted successfully. Files Infected: c:\documents and settings\Steph\application data\dealassistant\config.cfg (Trojan.Agent) -> Quarantined and deleted successfully. I look forward to hearing from you. Many thanks... :) Quote
ExTS Admin Starbuck Posted May 18, 2011

Hi katybut

There's not really much in the reports. A couple of leftovers from what was added, but nothing serious. There's also some 'Orphan' registry entries we can take care of.
MBAM did remove a few things, but as there's no date with the entries, we've no idea how long they've been on the system.

Step 1

Double click on OTL to run it.
Copy the lines in the codebox below. (Make sure that :Otl is on the first line.)

:otl
SRV - (LiveUpdate) -- File not found
SRV - (Automatic LiveUpdate Scheduler) -- File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {C3F24DCE-F48D-4525-BA3A-1E2361725C21} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C3F24DCE-F48D-4525-BA3A-1E2361725C21} - No CLSID value found.
O4 - HKLM..\Run: [bullGuard] File not found
O4 - HKLM..\Run: [userFaultCheck] File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2011/05/17 17:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2011/05/17 17:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kerry\Application Data\TeamViewer
:Files
ipconfig /flushdns /c
:commands
[emptytemp]
[purity]
[RESETHOSTS]
[EMPTYFLASH]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Step 2

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them.
Please follow these steps to remove older version Java components and update:
Download the latest version of Java Runtime Environment (JRE) 6 Update 25 and save it to your desktop.
Scroll down to where it says "Java SE 6 Update 25".
Click the "Download JRE" button to the right.
Accept the license agreement.
Select 'Windows x86 offline' from the list.
Save the file to your desktop.
Close any programs you may have running - especially your web browser.
Then from your desktop double-click on jre-6u25-windows-i586-p.exe to install the newest version.

Step 3

Let's get an online scan done as a double check:
I'd like you to do an ESET OnlineScan.
You may find it beneficial to close your resident AV program before running the scan.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
- Accept any security warnings from your browser.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
- Click the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
- Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
- Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note: It's been found that on some systems the ESET Online Scan fails during the database download (around 20%).
To prevent this happening: when the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
Enable Anti-Stealth technology
http://img.photobucket.com/albums/v708/starbuck50/eset.png

In your next reply, please submit:
Otl fix report
Eset scan report

Thanks.

Member of: UNITE
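As an added illustration of the triage behind the fix above (example code written for this page, not OTL's own code and not anything posted in the thread): the script scans lines in OTL's report format for the two things the post singles out, 'orphan' Run/BHO/Toolbar entries whose target no longer exists, and folders whose creation stamp falls inside the window of the scam call, then assembles them into a fix script in the same :OTL / :Commands layout. The sample lines, the assumed call start time of 17:00 and the 30-minute window are constructed for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the OTL report format quoted in this thread: three
# orphaned registry entries, one legitimate O4 line, and three folder entries.
SAMPLE_OTL = """\
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\\Run: [bullGuard] File not found
O4 - HKLM..\\Run: [userFaultCheck] File not found
O4 - HKLM..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe (Microsoft Corporation)
[2009/01/17 11:37:20 | 000,000,000 | ---D | M] -- C:\\Documents and Settings\\Kerry\\Application Data\\Nokia
[2011/05/17 17:06:45 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Kerry\\Application Data\\TeamViewer
[2011/05/17 17:11:23 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\PC Optimizer Pro
"""

# Assumed start of the scam call (constructed; the thread gives no exact time).
CALL_STARTED = datetime(2011, 5, 17, 17, 0)

# Phrases OTL prints when a Run/BHO/Toolbar entry points at nothing.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")

# "[date time | size | attrs | C-or-M] (company) -- path"
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\([^)]*\) )?-- (?P<path>.+)$"
)


def find_orphans(report):
    """Registry lines whose target file or CLSID no longer exists."""
    return [ln for ln in report.splitlines()
            if any(marker in ln for marker in ORPHAN_MARKERS)]


def created_during(report, start, minutes=60):
    """File/folder lines whose stamp is a creation (kind C) inside the window.
    Modification stamps (kind M) and anything outside the window, such as the
    2009 Nokia folder, are left alone; the raw line is returned so it can be
    pasted into a fix unchanged."""
    end = start + timedelta(minutes=minutes)
    hits = []
    for ln in report.splitlines():
        m = ENTRY_RE.match(ln)
        if not m or m.group("kind") != "C":
            continue
        stamp = datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S")
        if start <= stamp <= end:
            hits.append(ln)
    return hits


def build_fix(otl_lines):
    """Assemble a fix script in the layout used in this thread: report lines
    pasted verbatim under :OTL, followed by a temp-file cleanup command."""
    return "\n".join([":OTL", *otl_lines, ":Commands", "[emptytemp]"]) + "\n"


if __name__ == "__main__":
    orphans = find_orphans(SAMPLE_OTL)
    leftovers = created_during(SAMPLE_OTL, CALL_STARTED, minutes=30)
    print(build_fix(orphans + leftovers))
```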
katybut (Author) Posted May 18, 2011

Hi Starbuck,

Thank you again for your time. I notice there have been a few things found... this is worrying! Please tell me what to do next. Thank you so much for your help!

The reports are as follows:

OTL:

All processes killed
========== OTL ==========
Service LiveUpdate stopped successfully!
Service LiveUpdate deleted successfully!
File File not found not found.
Service Automatic LiveUpdate Scheduler stopped successfully!
Service Automatic LiveUpdate Scheduler deleted successfully!
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C3F24DCE-F48D-4525-BA3A-1E2361725C21} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3F24DCE-F48D-4525-BA3A-1E2361725C21}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C3F24DCE-F48D-4525-BA3A-1E2361725C21} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3F24DCE-F48D-4525-BA3A-1E2361725C21}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BullGuard deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro\LOGS folder moved successfully.
C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro folder moved successfully.
C:\Documents and Settings\Kerry\Application Data\TeamViewer folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Kerry\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Kerry\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Chris
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Julie
->Temp folder emptied: 590740 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kerry
->Temp folder emptied: 763137 bytes
->Temporary Internet Files folder emptied: 16934894 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Steph
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 18.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Chris
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Julie
->Flash cache emptied: 0 bytes

User: Kerry
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Steph
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 05182011_203927

Files\Folders moved on Reboot...
C:\Documents and Settings\Kerry\Local Settings\Temp\~DFBEBC.tmp moved successfully.
C:\Documents and Settings\Kerry\Local Settings\Temporary Internet Files\Content.IE5\L1NDQCWV\ads[1].htm moved successfully.
C:\Documents and Settings\Kerry\Local Settings\Temporary Internet Files\Content.IE5\L1NDQCWV\ads[2].htm moved successfully.
C:\Documents and Settings\Kerry\Local Settings\Temporary Internet Files\Content.IE5\4ON8YGYD\11738-Online-PC-Masters-Scam!-HELP!!!!!-([2].htm moved successfully.
C:\Documents and Settings\Kerry\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

ESETScan:

C:\Documents and Settings\Kerry\My Documents\My Music\ADELE- CHASING PAYMENTS.wma	probably a variant of Win32/Agent.NHDFUMT trojan	cleaned by deleting - quarantined
C:\Documents and Settings\Kerry\My Documents\My Music\Beatles - Something in the Way She Moves.wma	probably a variant of Win32/Agent.NKIMEUN trojan	cleaned by deleting - quarantined
C:\Documents and Settings\Kerry\My Documents\My Music\fun house pink.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Documents and Settings\Kerry\My Documents\My Music\i wanna hold your hand beatles.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Documents and Settings\Kerry\My Documents\My Music\me you song (hot new track).au	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Documents and Settings\Kerry\My Documents\My Music\Take That - Greatest Day.wma	WMA/TrojanDownloader.Wimad.NAA trojan	cleaned by deleting - quarantined
C:\Documents and Settings\Steph\My Documents\LimeWire\Incomplete\T-5116053-mini fever mtv chart #1 hit.au	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Documents and Settings\Steph\My Documents\LimeWire\Incomplete\T-5164463-rockin to beat black eyed peas the new unreleased single.au	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Documents and Settings\Steph\My Documents\LimeWire\Incomplete\T-5178711-ill never be same new cover version.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Documents and Settings\Steph\My Documents\LimeWire\Incomplete\T-5182556-in your shoes beverley knight the new unreleased single.au	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Documents and Settings\Steph\My Documents\LimeWire\Incomplete\T-5299854-you got to show me love [club mix].mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Documents and Settings\Steph\My Documents\LimeWire\Incomplete\T-5848441-get me out of here esmay hot new track.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Documents and Settings\Steph\My Documents\LimeWire\Saved\Agnes - Release me.wma	probably a variant of Win32/Agent.MDJODMK trojan	cleaned by deleting - quarantined
C:\Documents and Settings\Steph\My Documents\LimeWire\Saved\esmay remix feat the black eyed peas.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Documents and Settings\Steph\My Documents\LimeWire\Saved\goodbye christina debarge.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Documents and Settings\Steph\My Documents\LimeWire\Saved\groovejet dj spiller.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Documents and Settings\Steph\My Documents\LimeWire\Saved\my lips like sugar flo rida 2009.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Documents and Settings\Steph\My Documents\LimeWire\Saved\perempey dee the new unreleased single.au	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Documents and Settings\Steph\My Documents\LimeWire\Saved\u girls look so sexy nush 2009.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
ExTS Admin Starbuck Posted May 19, 2011

Hi katybut

> I notice there have been a few things found.

The joys of P2P file sharing, I'm afraid.
I noticed Limewire in your firewall settings but saw nothing in your uninstall list. I assume that Limewire was removed when it was taken out of commission?
That was why the double check scan.
Eset has taken care of those things now...... so remember in future, P2P file sharing just is not safe. No matter what someone will tell you.

Run the system until this evening and see if you get any problems of any kind.
You should be ok though as everything looks ok now.
I'm away this weekend, so if everything is running ok this evening let me know and we'll finish off the cleaning process.

Member of: UNITE
katybut (Author) Posted May 19, 2011

Hi Starbuck,

Do you mean, just use the computer as normal and see if anything strange happens? Sorry if that's a dumb question! I must say I haven't noticed anything unusual since we started anyway, although I haven't even attempted any online banking as I have been too scared of this until you could give me the all clear.

Thank you for informing me of the P2P file sharing. I noticed a lot of the trojans were music ones, and read that you'd told someone else the same thing about that. So do you think the viruses we've found from all the scans you said to do were from a while back then, and nothing to do with the remote access from that scam? Can you tell that there's not been any key logger stuff put on, or is that too hard to tell?

I notice that a lot of your replies to people are similar and saying to run the same scans etc. I know it might seem monotonous to you and frustrating that you say the same thing to lots of people, but for the average computer user that doesn't know about these things, your information and help is a blessing!! Really it is!

Ok so I'm happy to do whatever is next...?
ExTS Admin Starbuck Posted May 19, 2011

Hi katybut

> Do you mean, just use the computer as normal and see if anything strange happens?

Yes, that's basically what I mean. You know the system, so you are the best judge of whether it's running right or not. I can only go by what a member tells me. (Obviously I see things in the reports, but that doesn't always tell me if there are other problems.)

> Sorry if that's a dumb question!

It's like we always say..... there's no such thing as a dumb question. If you don't know the answer to something, then ask. It's the ones that don't ask things that actually struggle.

> So do you think the viruses we've found from all the scans you said to do were from a while back then, and nothing to do with the remote access from that scam? Can you tell that there's not been any key logger stuff put on,

It would appear that what was removed was from an earlier date. There were a few little leftovers from the files that were added during the phone call, but they have been removed now.
It would appear that the scam was to get you to part with money for a program that you didn't need. It doesn't seem as if stealing your details was the purpose this time.
MBAM and the Eset online scan are very good at detecting keyloggers, but they didn't find anything.

> I notice that a lot of your replies to people are similar and saying to run the same scans etc. I know it might seem monotonous to you and frustrating that you say the same thing to lots of people, but for the average computer user that doesn't know about these things, your information and help is a blessing!!

Although a lot of help given may seem the same, we look at each request for help on its own. Each set of fixes is for that system alone and although they may seem the same, more often than not they are quite different.
We know what each program we suggest is good at. They each have their own capabilities and strengths.
E.g. Eset is very good at finding P2P infections, while other scans are better at finding other things.

> I haven't noticed anything unusual since we started anyway,

That's good. Your banking details shouldn't be a problem. We'd have seen signs in the reports if something had been added.

If you have no other questions we'll finish off. But if you do have any other questions, ask now.

Member of: UNITE
katybut (Author) Posted May 19, 2011

Hi Starbuck,

No I have no other questions. Thank you SO MUCH for all your help and explaining everything to me. I can't tell you how grateful I am!!!! I would still be beside myself if I had not found you. I had no idea this wonderful site with people like you was out there. I don't want to sound too dramatic but seriously, you have restored my faith in humans, as after falling or almost falling for a scam, you feel so negative and bitter towards the people that did it, and you feel like the minority and like there are few good people out there. But that's not true, as I've found. :D

THANK YOU SO MUCH! Have a nice weekend away - you deserve it!

Katybut
ExTS Admin Starbuck Posted May 19, 2011

Hi Katybut

Thank you for your comments. Always remember.... all the staff here were just like you at one time. I used to be terrible for getting my system infected. One site must have got fed up with me because they asked me if I wanted to join their malware removal training school. The rest, as they say, is history. Now I try to help people just like they used to help me.

Let's finish off now.

Step 1
Restart MBAM. Click on the Quarantine tab. If there are items in quarantine, make sure everything is selected and then click Delete All. Close MBAM.

Step 2
Please double-click OTL to run it. You should see a CleanUp! button; press that button. This will clean up an assortment of tools used during malware removal, plus itself.
Note: MBAM will not be removed.

Step 3
Now you should set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen, then click "Next".
3. Give the Restore Point a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

Then go to Start > Run and type: Cleanmgr
Click "OK". Select the drive for cleaning, then click OK (usually the 'C' drive). Click the "More Options" tab. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

To find out how you may have been infected, read this topic: How did I get infected?

Not all of the following information will be applicable to you, but it's still best to read it all.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

- Use an AntiVirus Software:
  Avira AntiVir (installation guide Here)
  Avast free
  Bitdefender Free
  MS Security Essentials (see note*; installation guide Here)
  Note*: Upon installation MS Security Essentials will check that your OS is a legal copy.
  Only install one AntiVirus program.

- Update your AntiVirus Software regularly.

- Use a 3rd party Firewall:
  Online Armor Free
  ZoneAlarm (important note below)
  Outpost Firewall Free
  Sunbelt Personal Firewall
  NOTE: If choosing Zone Alarm, be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.
  Only install one software Firewall.
  Some 3rd party Firewalls will turn off the Windows Firewall when they are installed. It's always best to check that the Windows Firewall is turned off.
  How to turn off Windows Firewall: Start > Control Panel > click on 'Classic View', now select Windows Firewall. When the Windows Firewall box opens, put a tick against "Off (not recommended)" and then click OK.

- Scan regularly with a 'Stand Alone' Anti-Malware scanner:
  Installing another scanner that you can run once or twice a week is always beneficial. Something like:
  Malwarebytes Anti-Malware
  SUPERAntiSpyware
  Remember to update these programs each time before running. You can install more than one of these if you only run them as stand-alone programs.

- Use an alternative browser:
  Some excellent alternatives to MS Internet Explorer are:
  Firefox. For added security, add the NoScript extension to this browser: allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks. Also consider adding WOT - Safe Browsing Tool: Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web. Btw: you don't have to make a contribution.
  Opera. They offer better security, more stability, and better speed.

- Keep a backup of your registry:
  Keeping a regular backup of your registry will help when something goes wrong. Use a program like Erunt. A full tutorial on how to set up and use Erunt can be found here: Erunt tutorial

- Keep your system clean of temp files etc, using a 'Cleaner':
  Cleaners are programs that will help to clean out your Windows temp files, current user temp files, cookies, Temporary Internet files, browser history, recycle bin, etc. In other words, all the rubbish that you accumulate over the course of your browsing and day to day usage of your PC. Programs like:
  TFC by OldTimer
  ATF Cleaner

- Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

- Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using and installing SpywareBlaster

- Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

Safe surfing.
katybut Posted May 20, 2011

Hi Starbuck,

Thanks for all your help. I've done all the clear up bits you've suggested. I just wanted to check that when you suggest downloading the antivirus software and 3rd party firewall, you mean that's ok for me to use in conjunction with McAfee that I already have? Just wanted to double check before I go ahead.

Thanks.
K
KenB Posted May 20, 2011

Hi Katy,

I hope Starbuck will excuse me butting in (I know he is away for the weekend).

"you mean that's ok for me to use in conjunction with McAfee"

It is not a good idea to have two AVs on your system at the same time. They will conflict and cause problems. Starbuck will confirm when he returns :)
katybut Posted May 20, 2011

Hi Ken,

Thanks, I suspected that might be the case.
K
ExTS Admin Starbuck Posted May 20, 2011

Just a quick reply before I leave.

Ken is absolutely right. That's why the cleanup speech does state:

Only install one AntiVirus program

Here's the reason:

It is not recommended that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection.

In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
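A defender's check for the "only install one AntiVirus program / only install one software Firewall" rule in the cleanup list above and for the real-time conflict described in this post, added here as an example that is not from the thread or from ExTS. It assumes the root/SecurityCenter2 WMI namespace (present on Windows Vista and later client editions, not on the XP-era layout the thread walks through), and the productState byte layout it decodes is the commonly documented one, so treat it as an assumption rather than a published contract.

```powershell
# Added example (not from the thread): list the AV and firewall products
# registered with Windows Security Center and flag more than one product
# with real-time protection switched on, the conflict the post describes.
# Assumes the root/SecurityCenter2 namespace (Windows Vista+ client editions).
function ConvertFrom-ProductState {
    param([int]$State)
    # productState read as a 6-digit hex number AABBCC (assumed layout):
    # BB = 10 -> real-time protection on; CC = 10 -> definitions out of date.
    $hex = '{0:x6}' -f $State
    [pscustomobject]@{
        RealTimeOn = ($hex.Substring(2, 2) -eq '10')
        UpToDate   = ($hex.Substring(4, 2) -eq '00')
    }
}

function Get-SecurityProductSummary {
    $kinds = 'AntiVirusProduct', 'FirewallProduct'
    $result = foreach ($class in $kinds) {
        $products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
            -ClassName $class -ErrorAction SilentlyContinue
        foreach ($p in $products) {
            $s = ConvertFrom-ProductState -State $p.productState
            [pscustomobject]@{
                Kind       = $class
                Name       = $p.displayName
                RealTimeOn = $s.RealTimeOn
                UpToDate   = $s.UpToDate
            }
        }
    }
    # The cleanup rule: one active AV, one active software firewall. Windows
    # Firewall left on beside a 3rd party firewall shows up here as well.
    foreach ($kind in $kinds) {
        $active = @($result | Where-Object { $_.Kind -eq $kind -and $_.RealTimeOn })
        if ($active.Count -gt 1) {
            Write-Warning ('{0} {1} entries have real-time protection on at once: {2}' -f
                $active.Count, $kind, ($active.Name -join ', '))
        }
    }
    # Matches the "update your AntiVirus Software regularly" item.
    foreach ($stale in @($result | Where-Object { $_.Kind -eq 'AntiVirusProduct' -and -not $_.UpToDate })) {
        Write-Warning "$($stale.Name): definitions reported out of date"
    }
    $result
}

Get-SecurityProductSummary | Format-Table -AutoSize
```

On a machine with a single up-to-date AV and one active firewall the table lists them and no warning is printed; a second AV with real-time protection on, or Windows Firewall still enabled next to a third-party one, produces a warning.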