
Thread: Trojan/Keylogger

  1. #1
    Member
    Join Date
    Aug 2008
    Posts
    49

    Trojan/Keylogger

    Hi again,

    I have been notified that an account of mine has been suspended due to an infection of some description on my computer.

    I never share ANY account details, so I suspect a keylogger/Trojan infection.

    I have noticed, over the last couple of days, Internet Explorer and Windows Mail operating much more slowly than before. There is also a great deal of disc activity.


    I have run Malwarebytes, Spyware Doctor and Spybot on full scans (even trying them in Safe Mode); each reports a clean machine. I downloaded PC Matic's PC Pitstop a while ago, and it reports an infection 'Ezula'. I simply suspected this was a ploy to get me to buy the product, as all my other anti-nasty ware was reporting clean.

    Below - the DDS report pasted and the Attach report zipped and attached as requested.

    Jeff Simpson



    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Owner at 21:13:53.89 on 08/09/2010
    Internet Explorer: 7.0.6002.18005
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4094.2731 [GMT 1:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe
    C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe
    C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
    C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Windows\system32\lxbccoms.exe
    C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
    C:\Windows\SysWOW64\IoctlSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
    C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Visioneer\OneTouch 4.0\OtMonEx.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Owner\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/webhp?rls=ig
    uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3720&r=1v3607090606p0385vq55y46619201
    mStart Page = hxxp://www.pctools.com/mrc/fix_homepage/
    mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3720&r=1v3607090606p0385vq55y46619201
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    mWinlogon: Userinit=userinit.exe
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files (x86)\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre1.5.0_07\bin\ssv.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files (x86)\spyware doctor\bdt\PCTBrowserDefender.dll
    mRun: [ISTray] "c:\program files (x86)\spyware doctor\pctsTray.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office10\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC} - c:\program files (x86)\java\jre1.5.0_07\bin\ssv.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
    LSP: c:\program files (x86)\common files\pc tools\lsp\PCTLsp.dll
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
    DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
    TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} -
    mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun-x64: [FijiKeyboard] c:\acer\preload\autorun\drv\fiji keyboard\ABoard.exe
    mRun-x64: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
    mRun-x64: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2010-1-2 233488]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-5-16 65072]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-5-16 60416]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi64.sys [2010-1-2 306648]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\spyware doctor\bdt\BDTUpdateService.exe [2010-1-2 112592]
    R2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe -service --> c:\windows\system32\lxbccoms.exe -service [?]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\spyware doctor\pctsAuxs.exe [2009-9-20 366840]
    R2 sdCoreService;PC Tools Security Service;c:\program files (x86)\spyware doctor\pctsSvc.exe [2009-9-20 1142224]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-8-21 84512]
    R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg64.sys [2010-1-2 92896]
    R3 SaiH0004;SaiH0004;c:\windows\system32\drivers\SaiH0004.sys [2007-5-1 171144]
    R3 SaiHFF52;SaiHFF52;c:\windows\system32\drivers\SaiHFF52.sys [2007-5-1 171144]
    R3 SaiL0004;SaiL0004;c:\windows\system32\drivers\SaiL0004.sys [2007-5-1 18048]
    R3 SaiU0004;SaiU0004;c:\windows\system32\drivers\SaiU0004.sys [2007-5-1 34304]
    R3 SaiUFF52;SaiUFF52;c:\windows\system32\drivers\saiuFF52.sys [2007-5-1 34304]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-5-16 41888]
    R3 ThreatFire;ThreatFire;c:\program files (x86)\spyware doctor\tfengine\tfservice.exe service --> c:\program files (x86)\spyware doctor\tfengine\TFService.exe service [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 Norton Internet Security;Norton Internet Security;"c:\program files (x86)\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files (x86)\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files (x86)\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
    S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-21 19968]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
    S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\pcpitstop\PCPitstopScheduleService.exe [2010-1-25 85504]

    =============== Created Last 30 ================

    2010-09-08 19:26:48 0 d-----w- c:\programdata\PCPitstopDat
    2010-08-12 06:25:08 1426816 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-08-12 06:25:04 453120 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-12 06:25:04 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-12 06:25:03 2752000 ----a-w- c:\windows\system32\win32k.sys
    2010-08-12 06:25:02 50688 ----a-w- c:\windows\system32\rtutils.dll
    2010-08-12 06:25:02 36864 ----a-w- c:\windows\syswow64\rtutils.dll
    2010-08-12 06:24:23 81920 ----a-w- c:\windows\syswow64\iccvid.dll
    2010-08-12 06:24:21 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-08-12 06:24:03 1869824 ----a-w- c:\windows\system32\msxml3.dll
    2010-08-12 06:24:03 1248768 ----a-w- c:\windows\syswow64\msxml3.dll

    ==================== Find3M ====================

    2010-08-05 15:53:17 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-08-05 15:53:17 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-08-05 15:53:16 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-08-05 13:52:11 56 ---ha-w- c:\programdata\ezsidmv.dat
    2010-07-26 15:51:48 11584512 ----a-w- c:\windows\syswow64\shell32.dll
    2010-07-18 15:31:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2010-06-29 16:03:43 1032192 ----a-w- c:\windows\system32\wininet.dll
    2010-06-29 15:47:12 834048 ----a-w- c:\windows\syswow64\wininet.dll
    2010-06-29 15:46:59 1176064 ----a-w- c:\windows\syswow64\urlmon.dll
    2010-06-29 15:44:16 477184 ----a-w- c:\windows\syswow64\mshtmled.dll
    2010-06-29 15:44:15 3603456 ----a-w- c:\windows\syswow64\mshtml.dll
    2010-06-29 15:43:04 6080000 ----a-w- c:\windows\syswow64\ieframe.dll
    2010-06-29 15:43:04 193024 ----a-w- c:\windows\syswow64\iepeers.dll
    2010-06-29 15:43:00 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
    2010-06-28 16:52:22 86528 ----a-w- c:\windows\system32\ieencode.dll
    2010-06-28 16:13:32 78336 ----a-w- c:\windows\syswow64\ieencode.dll
    2010-06-11 16:39:28 343040 ----a-w- c:\windows\system32\schannel.dll
    2010-06-11 16:16:20 274944 ----a-w- c:\windows\syswow64\schannel.dll
    2009-12-04 13:51:58 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
    2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
    2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2010-04-17 08:57:32 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
    2010-04-17 08:57:32 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
    2010-04-17 08:57:32 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat

    ============= FINISH: 21:17:24.00 ===============

  2. #2
    Security Expert Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,497


    Hello Jeff,

    Please disable word wrap in notepad before taking further steps.

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Copy-paste the following contents into the custom scan area:
      netsvcs
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\Fonts\*.exe
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\bak. /s
      %systemroot%\system32\bak. /s
      %ALLUSERSPROFILE%\Start Menu\*.lnk /x
      %systemroot%\system32\config\systemprofile\*.dat /x
      %systemroot%\*.config
      %systemroot%\system32\*.db
      %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
      %USERPROFILE%\Desktop\*.exe
      %PROGRAMFILES%\Common Files\*.*
      %systemroot%\*.src
      %systemroot%\install\*.*
      %systemroot%\system32\DLL\*.*
      %systemroot%\system32\HelpFiles\*.*
      %systemroot%\system32\rundll\*.*
      %systemroot%\winn32\*.*
      %systemroot%\Java\*.*
      %systemroot%\system32\test\*.*
      %systemroot%\system32\Rundll32\*.*
      %systemroot%\AppPatch\Custom\*.*
      %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
      %PROGRAMFILES%\PC-Doctor\Downloads\*.*
      %PROGRAMFILES%\Internet Explorer\*.tmp
      %PROGRAMFILES%\Internet Explorer\*.dat
      %USERPROFILE%\My Documents\*.exe
      %USERPROFILE%\*.exe
      %systemroot%\ADDINS\*.*
      %systemroot%\assembly\*.bak2
      %systemroot%\Config\*.*
      %systemroot%\REPAIR\*.bak2
      %systemroot%\SECURITY\Database\*.sdb /x
      %systemroot%\SYSTEM\*.bak2
      %systemroot%\Web\*.bak2
      %systemroot%\Driver Cache\*.*
      %PROGRAMFILES%\Mozilla Firefox\0*.exe
      %ProgramFiles%\Microsoft Common\*.*
      %ProgramFiles%\TinyProxy.
      %USERPROFILE%\Favorites\*.url /x
      %systemroot%\System32\Wbem\*.*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
    Microsoft MVP Consumer Security 2008-2014
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
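The DDS report above and the OTL report these instructions ask for are plain text with fixed line shapes, so a helper's first read can be scripted. The following Python is an added example, not code from the thread, from DDS or from OTL; its rules (UAC switched off, HOSTS entries, DDS service lines ending in [?], driver files OTL cannot find, entries with no company name, autoruns from user-writable paths) are hypothetical first-pass checks, run over constructed sample lines modelled on the thread's logs, and it only reports.

```python
"""Triage helper for DDS and OTL text logs from malware-removal threads.
Added example, not code from the thread, DDS or OTL; the rules are
hypothetical first-pass checks and the script changes nothing."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the same shapes as the thread's logs (DDS lines, then
# OTL lines). The 203.0.113.5 and HKCU updater.exe lines are invented to
# exercise two rules; the others mirror real entries in the thread.
SAMPLE_LOG = r"""
mPolicies-system: EnableLUA = 0 (0x0)
Hosts: 127.0.0.1 www.spywareinfo.com
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2010-1-2 233488]
R2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe -service --> c:\windows\system32\lxbccoms.exe -service [?]
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSPX64.SYS File not found
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
SRV:64bit: - (lxbc_device) -- C:\Windows\SysNative\lxbccoms.exe ( )
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 203.0.113.5 www.example.com
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKCU..\Run: [updater] C:\Users\Owner\AppData\Roaming\updater.exe ()
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # high | medium | low | info
    rule: str
    line: str


SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}
# DDS: "mPolicies-system: EnableLUA = 0 (0x0)" means UAC is switched off.
DDS_LUA_RE = re.compile(r"^mPolicies-system: EnableLUA = (\d+)")
# DDS "Hosts:" and OTL "O1 - Hosts:" both end in "<address> <hostname>".
HOSTS_RE = re.compile(r"^(?:O1 - )?Hosts: (\S+) (\S+)$")
# DDS service line ending in "[?]": no file date/size was recorded for it.
DDS_SVC_UNRESOLVED_RE = re.compile(r"^[RS][0-4] [^;]+;[^;]*;.*\[\?\]$")
# OTL driver/service: "DRV:64bit: - (name) -- <path> (Company)" or "... File not found".
OTL_MOD_RE = re.compile(r"^(?:DRV|SRV)(?::64bit:)? - \((.+?)\) -- (.*)$")
# Split "<path> (Company)"; a company never contains a backslash, which stops
# "(x86)" inside the path from being taken as the company.
PATH_COMPANY_RE = re.compile(r"^(.*?) \(([^\\]*)\)$")
OTL_RUN_RE = re.compile(r"^O4(?::64bit:)? - \S+: \[[^\]]*\] (.*?) \(([^\\]*)\)$")
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
LOOPBACK = ("127.0.0.1", "0.0.0.0", "::1")


def triage_line(raw: str) -> Optional[Finding]:
    """Apply the rules to one DDS or OTL line; None when nothing stands out."""
    line = raw.strip()
    m = DDS_LUA_RE.match(line)
    if m:
        return Finding("medium", "uac-disabled", line) if m.group(1) == "0" else None
    m = HOSTS_RE.match(line)
    if m:
        address, host = m.groups()
        if host.lower() == "localhost":
            return None
        # Immunisation blocklists (Spybot's, for one) point names at loopback;
        # a real name pointed anywhere else is a redirect worth escalating.
        if address in LOOPBACK:
            return Finding("info", "hosts-block-entry", line)
        return Finding("high", "hosts-redirect", line)
    if DDS_SVC_UNRESOLVED_RE.match(line):
        return Finding("low", "dds-service-unresolved", line)
    m = OTL_MOD_RE.match(line)
    if m:
        rest = m.group(2)
        # Usually a registration left behind by an uninstalled product (the
        # NISx64 entries in the thread); removal helpers clean these up.
        if rest.endswith(" File not found"):
            return Finding("low", "driver-file-missing", line)
        pc = PATH_COMPANY_RE.match(rest)
        if pc and not pc.group(2).strip():
            return Finding("medium", "no-company-in-version-info", line)
        return None
    m = OTL_RUN_RE.match(line)
    if m:
        path, company = m.groups()
        if company.strip():
            return None
        if any(part in path.lower() for part in USER_WRITABLE):
            return Finding("high", "autorun-from-user-writable-path", line)
        return Finding("medium", "autorun-no-company", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """All findings for a log, highest severity first (stable within a level)."""
    found = [f for f in (triage_line(l) for l in log_text.splitlines()) if f]
    return sorted(found, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<6}] {f.rule:<32} {f.line}")
```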

  3. #3
    Member
    Join Date
    Aug 2008
    Posts
    49

    OTL and Extras as req'd

    Hi Blade - makes me feel happier knowing I have an expert on the case! :)

    As predicted, Extras pasted in a second reply.

    OTL text:

    OTL logfile created on: 11/09/2010 10:54:39 - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Owner\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
    8.00 Gb Paging File | 7.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 290.78 Gb Total Space | 164.08 Gb Free Space | 56.43% Space Free | Partition Type: NTFS
    Drive D: | 290.74 Gb Total Space | 269.40 Gb Free Space | 92.66% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PACKARDBELL
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
    PRC - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools)
    PRC - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
    PRC - C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe (PC Tools)
    PRC - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
    PRC - C:\Program Files (x86)\Internet Explorer\ieuser.exe (Microsoft Corporation)
    PRC - C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe (Packard Bell BV)
    PRC - C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe (Packard Bell BV)
    PRC - C:\Program Files\Visioneer\OneTouch 4.0\OtMonEx.exe (Visioneer Inc.)
    PRC - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe (Visioneer Inc.)
    PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files (x86)\Spyware Doctor\smum32.dll (PC Tools)
    MOD - C:\Program Files (x86)\Spyware Doctor\TFEngine\TFWAH.dll (PC Tools)
    MOD - C:\Program Files (x86)\Spyware Doctor\PCTGMhk.dll (PC Tools)
    MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (OneTouch 4.0 Monitor) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe (Visioneer Inc.)
    SRV:64bit: - (lxbc_device) -- C:\Windows\SysNative\lxbccoms.exe ( )
    SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (sdCoreService) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools)
    SRV - (sdAuxService) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
    SRV - (ThreatFire) -- C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe (PC Tools)
    SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
    SRV - (PCPitstop Scheduling) -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)
    SRV - (lxbc_device) -- C:\Windows\SysWow64\lxbccoms.exe ( )
    SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSPX64.SYS File not found
    DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSP64.SYS File not found
    DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
    DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
    DRV:64bit: - (LVcKap64) -- C:\Windows\SysNative\DRIVERS\LVcKap64.sys File not found
    DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
    DRV:64bit: - (pctplsg) -- C:\Windows\SysNative\drivers\pctplsg64.sys (PC Tools)
    DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
    DRV:64bit: - (pctgntdi) -- C:\Windows\SysNative\drivers\pctgntdi64.sys (PC Tools)
    DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools)
    DRV:64bit: - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools)
    DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools)
    DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
    DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
    DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
    DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\DRIVERS\SaiMini.sys (Saitek)
    DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
    DRV:64bit: - (SaiH0004) -- C:\Windows\SysNative\DRIVERS\SaiH0004.sys (Saitek)
    DRV:64bit: - (SaiU0004) -- C:\Windows\SysNative\DRIVERS\SaiU0004.sys (Saitek)
    DRV:64bit: - (SaiL0004) -- C:\Windows\SysNative\DRIVERS\SaiL0004.sys (Saitek)
    DRV:64bit: - (SaiHFF52) -- C:\Windows\SysNative\DRIVERS\SaiHFF52.sys (Saitek)
    DRV:64bit: - (SaiUFF52) -- C:\Windows\SysNative\DRIVERS\SaiUFF52.sys (Saitek)
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
    DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (prohlp02) -- C:\Windows\System32\drivers\prohlp02.sys (Protection Technology)
    DRV - (prodrv06) -- C:\Windows\System32\drivers\prodrv06.sys (Protection Technology)
    DRV - (sfhlp01) -- C:\Windows\System32\drivers\sfhlp01.sys (Protection Technology)
    DRV - (prosync1) -- C:\Windows\System32\drivers\prosync1.sys (Protection Technology)
    DRV - (Secdrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr....5vq55y46619201
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr....5vq55y46619201
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr....5vq55y46619201
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pctools.com/mrc/fix_homepage/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr....5vq55y46619201
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?rls=ig
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010/02/16 11:39:51 | 000,378,474 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 13043 more lines...
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O4:64bit: - HKLM..\Run: [FijiKeyboard] c:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe (Packard Bell BV)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
    O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
    O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_07\bin\NPJPI150_07.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab (PCPitstop Utility)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/Driver...reqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/Nirva...iskMD3Ctrl.dll (diskhealth Class)
    O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab (PCMaticVer Class)
    O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} http://utilities.pcpitstop.com/Nirva...pAntiVirus.dll (PCPitstop AntiVirus)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Nirva...pcpitstop2.dll (PCPitstop Exam)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\packard bell\wallpaper\Lounge_1900x1440.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\packard bell\wallpaper\Lounge_1900x1440.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/09/11 10:46:43 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2010/09/10 07:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2010/09/10 07:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/09/08 21:42:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Cleaning
    [2010/09/08 20:50:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/09/08 20:50:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2010/09/08 20:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstopDat
    [2010/08/24 13:19:00 | 000,307,712 | ---- | C] (Serif (Europe) Ltd) -- C:\Windows\SysWow64\WPPFilt.dll
    [2010/08/22 09:42:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2010/08/12 22:46:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2009/09/21 07:13:06 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcserv.dll
    [2009/09/21 07:13:06 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcusb1.dll
    [2009/09/21 07:13:06 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbchbn3.dll
    [2009/09/21 07:13:06 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccomc.dll
    [2009/09/21 07:13:06 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcpmui.dll
    [2009/09/21 07:13:06 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbclmpm.dll
    [2009/09/21 07:13:06 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccomm.dll
    [2009/09/21 07:13:06 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcinpa.dll
    [2009/09/21 07:13:06 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbciesc.dll
    [2009/09/21 07:13:06 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcprox.dll
    [2009/09/21 07:13:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcpplc.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/09/11 10:54:33 | 006,815,744 | -HS- | M] () -- C:\Users\Owner\ntuser.dat
    [2010/09/11 10:48:53 | 000,000,439 | ---- | M] () -- C:\Windows\Lexstat.ini
    [2010/09/11 10:46:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2010/09/11 09:11:48 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/09/11 09:11:48 | 000,608,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/09/11 09:11:48 | 000,108,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/09/11 09:05:39 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/09/11 09:05:36 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/09/11 09:05:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/09/11 09:05:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/09/11 09:05:16 | 000,864,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/09/11 00:50:50 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{554c046a-2440-11df-9aa8-00251125cf85}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/11 00:50:50 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{554c046a-2440-11df-9aa8-00251125cf85}.TM.blf
    [2010/09/11 00:50:46 | 003,513,446 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
    [2010/09/11 00:44:24 | 000,268,832 | ---- | M] () -- C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/09/11 00:33:40 | 000,000,647 | ---- | M] () -- C:\Users\Owner\Desktop\Defraggler.lnk
    [2010/09/11 00:31:34 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
    [2010/09/11 00:30:01 | 000,001,226 | ---- | M] () -- C:\Windows\WinInit.Ini
    [2010/09/11 00:30:01 | 000,000,644 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
    [2010/09/11 00:22:06 | 000,017,408 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/11 00:20:50 | 000,002,619 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Word.lnk
    [2010/09/11 00:20:43 | 000,002,617 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Excel.lnk
    [2010/09/10 21:50:51 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2010/09/10 07:14:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2010/08/26 12:30:34 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2010/08/24 13:19:00 | 000,307,712 | ---- | M] (Serif (Europe) Ltd) -- C:\Windows\SysWow64\WPPFilt.dll
    [2010/08/22 09:42:21 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/09/11 00:33:40 | 000,000,647 | ---- | C] () -- C:\Users\Owner\Desktop\Defraggler.lnk
    [2010/09/11 00:30:01 | 000,000,644 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
    [2010/09/10 07:14:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2010/09/10 07:14:25 | 000,378,170 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI1B15.txt
    [2010/09/10 07:14:17 | 000,011,662 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI1B15.txt
    [2010/09/08 21:52:32 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/08/22 09:42:21 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2010/08/08 16:25:42 | 000,017,408 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/05 15:14:51 | 000,308,736 | ---- | C] () -- C:\Windows\SysWow64\Fpxlib.dll
    [2010/08/05 15:14:51 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\Jpeglib.dll
    [2010/08/05 15:14:32 | 000,001,072 | ---- | C] () -- C:\Windows\_delis32.ini
    [2010/08/05 14:52:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/04/03 12:49:58 | 000,000,000 | ---- | C] () -- C:\Windows\dxinfo.INI
    [2010/01/02 13:33:28 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
    [2010/01/02 13:33:28 | 000,763,832 | ---- | C] () -- C:\Windows\BDTSupport.dll
    [2009/12/15 08:39:06 | 000,001,226 | ---- | C] () -- C:\Windows\WinInit.Ini
    [2009/12/10 20:43:26 | 000,000,888 | ---- | C] () -- C:\Windows\wacam.ini
    [2009/12/03 15:54:37 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/12/03 15:53:53 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/10/02 19:48:42 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009/09/23 07:45:55 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
    [2009/09/21 17:13:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/09/21 07:27:47 | 000,000,439 | ---- | C] () -- C:\Windows\Lexstat.ini
    [2009/09/21 07:13:06 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbcutil.dll
    [2009/09/21 07:13:06 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBCinst.dll
    [2009/05/01 03:17:17 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
    [2008/01/21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2001/08/03 20:11:32 | 000,011,616 | R--- | C] () -- C:\Windows\SysWow64\drivers\SECDRV.SYS
    [1997/06/14 03:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2009/05/01 09:22:40 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2009/09/21 07:20:39 | 000,000,200 | ---- | M] () -- C:\lxbc.log
    [2010/09/11 09:05:13 | 312,815,615 | -HS- | M] () -- C:\pagefile.sys
    [2009/05/01 02:21:52 | 000,001,946 | ---- | M] () -- C:\RHDSetup.log
    [2009/09/20 17:34:04 | 000,000,150 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 16:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 16:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 16:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/12/03 16:14:42 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 22:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 04:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/12/03 17:16:40 | 000,000,286 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/09/11 10:46:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2009/12/03 17:16:27 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2009/12/03 17:15:57 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2009/12/03 17:15:57 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2009/12/03 17:15:57 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2009/12/03 17:15:57 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2009/12/03 17:15:57 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/09/20 11:50:25 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini

    < %systemroot%\System32\Wbem\*.* >
    [2006/09/18 22:26:19 | 000,001,097 | ---- | M] () -- C:\Windows\SysWOW64\wbem\aaclient.mof
    [2008/01/21 03:50:36 | 000,004,352 | ---- | M] () -- C:\Windows\SysWOW64\wbem\audiocore.mof
    [2006/09/18 22:35:02 | 000,001,092 | ---- | M] () -- C:\Windows\SysWOW64\wbem\authfwcfg.mof
    [2008/01/21 03:49:33 | 000,003,007 | ---- | M] () -- C:\Windows\SysWOW64\wbem\auxiliarydisplayapi.mof
    [2006/11/02 16:04:41 | 000,002,995 | ---- | M] () -- C:\Windows\SysWOW64\wbem\auxiliarydisplaycpl.mof
    [2006/11/02 07:27:38 | 000,029,290 | ---- | M] () -- C:\Windows\SysWOW64\wbem\cli.mof
    [2006/11/02 07:27:38 | 002,815,350 | ---- | M] () -- C:\Windows\SysWOW64\wbem\cliegaliases.mof
    [2006/09/18 22:42:48 | 000,001,239 | ---- | M] () -- C:\Windows\SysWOW64\wbem\dimsjob.mof
    [2006/09/18 22:42:50 | 000,001,284 | ---- | M] () -- C:\Windows\SysWOW64\wbem\dimsroam.mof
    [2008/01/21 03:49:19 | 000,006,072 | ---- | M] () -- C:\Windows\SysWOW64\wbem\dot3.mof
    [2006/09/18 22:45:56 | 000,003,685 | ---- | M] () -- C:\Windows\SysWOW64\wbem\drvinst.mof
    [2006/09/18 22:40:27 | 000,001,300 | ---- | M] () -- C:\Windows\SysWOW64\wbem\eaimeapi.mof
    [2009/04/11 07:28:19 | 000,265,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\esscli.dll
    [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\fastprox.dll
    [2006/09/18 22:46:01 | 000,000,656 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fdSSDP.mof
    [2008/01/21 03:47:52 | 000,000,705 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fdwcn.mof
    [2006/09/18 22:38:53 | 000,000,716 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fdWNet.mof
    [2006/09/18 22:46:02 | 000,000,656 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fdWSD.mof
    [2006/09/18 22:35:44 | 000,001,100 | ---- | M] () -- C:\Windows\SysWOW64\wbem\Firewall.mof
    [2006/09/18 22:36:01 | 000,001,913 | ---- | M] () -- C:\Windows\SysWOW64\wbem\firewallapi.mof
    [2006/09/18 22:38:51 | 000,000,702 | ---- | M] () -- C:\Windows\SysWOW64\wbem\FunDisc.mof
    [2006/09/18 22:35:54 | 000,001,081 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fwcfg.mof
    [2008/01/21 03:49:19 | 000,240,536 | ---- | M] () -- C:\Windows\SysWOW64\wbem\hbaapi.mof
    [2009/02/18 19:38:41 | 000,032,198 | ---- | M] () -- C:\Windows\SysWOW64\wbem\IMAPIv2-Base.mof
    [2006/09/18 22:31:55 | 000,002,073 | ---- | M] () -- C:\Windows\SysWOW64\wbem\IMAPIv2-FileSystemSupport.mof
    [2006/09/18 22:31:55 | 000,000,759 | ---- | M] () -- C:\Windows\SysWOW64\wbem\IMAPIv2-LegacyShim.mof
    [2006/11/02 16:02:34 | 000,002,263 | ---- | M] () -- C:\Windows\SysWOW64\wbem\InkObj.mof
    [2006/09/18 22:35:37 | 000,001,278 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ipsecsvc.mof
    [2006/11/02 07:35:19 | 000,019,872 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsidsc.mof
    [2006/11/02 07:35:18 | 000,111,599 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsihba.mof
    [2006/11/02 07:35:20 | 000,046,042 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsiprf.mof
    [2006/11/02 07:35:21 | 000,004,503 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsirem.mof
    [2006/11/02 16:02:33 | 000,002,287 | ---- | M] () -- C:\Windows\SysWOW64\wbem\journal.mof
    [2006/09/18 22:39:25 | 000,008,758 | ---- | M] () -- C:\Windows\SysWOW64\wbem\kerberos.mof
    [2006/09/18 22:32:48 | 000,001,367 | ---- | M] () -- C:\Windows\SysWOW64\wbem\l2gpstore.mof
    [2008/01/21 03:49:35 | 000,002,334 | ---- | M] () -- C:\Windows\SysWOW64\wbem\L2SecHC.mof
    [2008/01/21 03:49:02 | 000,013,780 | ---- | M] () -- C:\Windows\SysWOW64\wbem\lsasrv.mof
    [2006/09/18 22:26:23 | 000,000,698 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mmc.mof
    [2008/01/21 03:48:12 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\mofcomp.exe
    [2009/04/11 07:28:20 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\mofd.dll
    [2006/09/18 22:35:23 | 000,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof
    [2006/09/18 22:35:54 | 000,001,900 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpssvc.mof
    [2006/09/18 22:38:01 | 000,001,876 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msfeeds.mof
    [2006/09/18 22:38:01 | 000,001,938 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msfeedsbs.mof
    [2006/09/18 22:31:59 | 000,004,599 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msiscsi.mof
    [2006/09/18 22:28:06 | 000,001,110 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mstsc.mof
    [2006/09/18 22:27:27 | 000,001,967 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mstscax.mof
    [2006/09/18 22:39:39 | 000,007,721 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msv1_0.mof
    [2006/11/02 16:04:30 | 000,001,710 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mswmdm.mof
    [2006/09/18 22:36:02 | 000,001,259 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nci.mof
    [2006/09/18 22:28:21 | 000,001,131 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ncsi.mof
    [2006/09/18 22:36:03 | 000,001,306 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ndishc.mof
    [2006/09/18 22:38:14 | 000,001,117 | ---- | M] () -- C:\Windows\SysWOW64\wbem\netprofm.mof
    [2006/09/18 22:29:57 | 000,000,683 | ---- | M] () -- C:\Windows\SysWOW64\wbem\networkitemfactory.mof
    [2006/09/18 22:30:03 | 000,000,631 | ---- | M] () -- C:\Windows\SysWOW64\wbem\networkmap.mof
    [2006/09/18 22:45:56 | 000,003,681 | ---- | M] () -- C:\Windows\SysWOW64\wbem\newdev.mof
    [2006/09/18 22:38:28 | 000,003,914 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nlasvc.mof
    [2008/01/21 03:48:28 | 000,002,873 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nlsvc.mof
    [2006/09/18 22:35:29 | 000,001,266 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nshipsec.mof
    [2008/01/21 03:48:10 | 000,002,952 | ---- | M] () -- C:\Windows\SysWOW64\wbem\onex.mof
    [2006/11/02 16:03:53 | 000,001,836 | ---- | M] () -- C:\Windows\SysWOW64\wbem\p2p-collab.mof
    [2006/11/02 16:03:54 | 000,002,380 | ---- | M] () -- C:\Windows\SysWOW64\wbem\p2p-mesh.mof
    [2006/11/02 16:03:54 | 000,002,297 | ---- | M] () -- C:\Windows\SysWOW64\wbem\p2p-pnrp.mof
    [2006/09/18 22:45:56 | 000,001,060 | ---- | M] () -- C:\Windows\SysWOW64\wbem\pnpsetup.mof
    [2006/09/18 22:35:35 | 000,001,275 | ---- | M] () -- C:\Windows\SysWOW64\wbem\polstore.mof
    [2009/06/08 21:22:20 | 000,005,105 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledeviceapi.mof
    [2009/06/08 21:22:20 | 000,003,202 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledeviceclassextension.mof
    [2009/06/08 21:22:20 | 000,001,777 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledeviceconnectapi.mof
    [2009/06/08 21:22:21 | 000,003,490 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledevicetypes.mof
    [2006/11/02 16:04:31 | 000,001,760 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledevicewiacompat.mof
    [2006/11/02 16:04:31 | 000,003,092 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledevicewmdrm.mof
    [2006/09/18 22:34:46 | 000,002,302 | ---- | M] () -- C:\Windows\SysWOW64\wbem\qmgr.mof
    [2006/09/18 22:39:30 | 000,000,623 | ---- | M] () -- C:\Windows\SysWOW64\wbem\rawxml.xsl
    [2006/09/18 22:30:56 | 000,001,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\rdpencom.mof
    [2006/11/02 08:15:20 | 000,111,686 | ---- | M] () -- C:\Windows\SysWOW64\wbem\regevent.mof
    [2006/09/18 22:46:10 | 000,001,688 | ---- | M] () -- C:\Windows\SysWOW64\wbem\RestartManager.mof
    [2006/09/18 22:46:10 | 000,000,090 | ---- | M] () -- C:\Windows\SysWOW64\wbem\RestartManagerUninstall.mof
    [2008/01/21 03:49:48 | 000,061,288 | ---- | M] () -- C:\Windows\SysWOW64\wbem\samsrv.mof
    [2006/09/18 22:41:58 | 000,001,241 | ---- | M] () -- C:\Windows\SysWOW64\wbem\sapi.mof
    [2006/09/18 22:41:24 | 000,004,357 | ---- | M] () -- C:\Windows\SysWOW64\wbem\scersop.mof
    [2006/09/18 22:39:53 | 000,001,064 | ---- | M] () -- C:\Windows\SysWOW64\wbem\schannel.mof
    [2006/09/18 22:37:09 | 000,002,250 | ---- | M] () -- C:\Windows\SysWOW64\wbem\SchedSvc.mof
    [2010/06/11 18:10:31 | 000,084,985 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ServiceModel.mof
    [2006/11/02 16:06:41 | 000,000,896 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ServiceModel.mof.uninstall
    [2006/09/18 22:46:11 | 000,002,866 | ---- | M] () -- C:\Windows\SysWOW64\wbem\services.mof
    [2006/09/18 22:45:57 | 000,003,689 | ---- | M] () -- C:\Windows\SysWOW64\wbem\setupapi.mof
    [2006/11/02 16:01:40 | 000,016,973 | ---- | M] () -- C:\Windows\SysWOW64\wbem\speechux.mof
    [2006/11/02 16:01:40 | 000,001,229 | ---- | M] () -- C:\Windows\SysWOW64\wbem\sptip.mof
    [2006/09/18 22:42:35 | 000,002,583 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ssdpsrv.mof
    [2008/01/21 03:50:29 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\stdprov.dll
    [2006/09/18 22:37:10 | 000,002,254 | ---- | M] () -- C:\Windows\SysWOW64\wbem\TaskEng.mof
    [2006/09/18 22:36:40 | 000,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof
    [2006/09/18 22:39:30 | 000,006,000 | ---- | M] () -- C:\Windows\SysWOW64\wbem\texttable.xsl
    [2006/09/18 22:39:30 | 000,002,766 | ---- | M] () -- C:\Windows\SysWOW64\wbem\textvaluelist.xsl
    [2006/09/18 22:39:20 | 000,000,964 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tspkg.mof
    [2006/09/18 22:46:00 | 000,003,692 | ---- | M] () -- C:\Windows\SysWOW64\wbem\umpnpmgr.mof
    [2006/11/02 07:35:15 | 000,060,994 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof
    [2008/01/21 03:48:08 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\vdswmi.dll
    [2008/01/21 03:49:23 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\viewprov.dll
    [2006/11/02 07:35:15 | 000,055,846 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vss.mof
    [2008/01/21 03:48:57 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\vsswmi.dll
    [2008/01/21 03:50:05 | 000,250,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemcntl.dll
    [2008/01/21 03:51:04 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemdisp.dll
    [2006/11/02 08:14:20 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemdisp.tlb
    [2009/04/11 07:28:25 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemprox.dll
    [2009/04/11 07:28:25 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemsvc.dll
    [2006/11/02 16:01:42 | 000,003,980 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wcncsvc.mof
    [2006/11/02 16:01:39 | 000,001,007 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wcnwiz.mof
    [2009/02/18 19:38:37 | 000,001,009 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wcnwiz2.mof
    [2006/09/18 22:39:24 | 000,001,103 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wdigest.mof
    [2006/09/18 22:36:01 | 000,001,083 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WFAPIGP.mof
    [2008/01/21 03:48:18 | 000,000,814 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WFP.MOF
    [2006/11/02 16:02:27 | 000,004,388 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WgxInstalledGame.mof
    [2006/11/02 08:03:34 | 000,004,120 | ---- | M] () -- C:\Windows\SysWOW64\wbem\whqlprov.mof
    [2006/09/18 22:46:36 | 000,004,003 | ---- | M] () -- C:\Windows\SysWOW64\wbem\Win32_OsBaseline.mof
    [2008/01/21 03:50:08 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\Win32_Tpm.dll
    [2006/09/18 22:41:56 | 000,001,333 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wininit.mof
    [2006/09/18 22:35:37 | 000,001,270 | ---- | M] () -- C:\Windows\SysWOW64\wbem\winipsec.mof
    [2006/09/18 22:41:56 | 000,002,794 | ---- | M] () -- C:\Windows\SysWOW64\wbem\winlogon.mof
    [2008/01/21 03:50:54 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WinMgmt.exe
    [2006/11/02 16:01:42 | 000,001,545 | ---- | M] () -- C:\Windows\SysWOW64\wbem\Winsat.mof
    [2006/11/02 16:01:42 | 000,000,487 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WinsatUninstall.mof
    [2008/01/21 03:48:00 | 000,012,880 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wlan.mof
    [2006/11/02 16:01:42 | 000,001,311 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WLanHC.mof
    [2009/04/11 07:28:15 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WMIADAP.exe
    [2009/04/11 07:28:25 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiApRpl.dll
    [2008/01/21 03:50:34 | 000,625,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WMIC.exe
    [2009/04/11 07:28:25 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WMICOOKR.dll
    [2009/04/11 07:28:25 | 000,129,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiDcPrv.dll
    [2008/01/21 03:50:13 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPerfClass.dll
    [2009/02/18 19:39:43 | 000,001,156 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WmiPerfClass.mof
    [2009/04/11 07:28:25 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPerfInst.dll
    [2009/02/18 19:39:44 | 000,000,980 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WmiPerfInst.mof
    [2009/04/11 07:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    [2009/04/11 07:28:25 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wmiutils.dll
    [2006/11/02 16:04:22 | 000,004,887 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wmp.mof
    [2006/11/02 16:03:49 | 000,001,368 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpc.mof
    [2006/11/02 16:03:49 | 000,021,677 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpcsprov.mof
    [2006/11/02 16:03:49 | 000,000,470 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpcuninst.mof
    [2009/06/08 21:22:22 | 000,002,759 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdbusenum.mof
    [2006/11/02 16:04:31 | 000,002,737 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdfs.mof
    [2009/06/08 20:43:37 | 000,003,011 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdmtp.mof
    [2006/11/02 16:04:31 | 000,003,184 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdshext.mof
    [2006/11/02 16:04:31 | 000,003,063 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WPDShServiceObj.mof
    [2006/11/02 16:04:31 | 000,002,987 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdsp.mof
    [2006/11/02 16:04:31 | 000,003,740 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdwcn.mof
    [2009/02/18 19:38:38 | 000,000,334 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WscEapPr.mof
    [2008/01/21 03:47:51 | 000,003,332 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wscenter.mof
    [2006/09/18 22:41:39 | 000,001,072 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wscmisetup.mof
    [2006/09/18 22:47:40 | 000,002,348 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WSDApi.mof
    [2006/09/18 22:40:05 | 000,004,430 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WsmAuto.mof
    [2008/01/21 03:47:35 | 000,000,723 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wzcdlg.mof
    [2006/09/18 22:39:31 | 000,002,866 | ---- | M] () -- C:\Windows\SysWOW64\wbem\xsl-mappings.xml
    [2006/09/18 22:43:11 | 000,001,050 | ---- | M] () -- C:\Windows\SysWOW64\wbem\xwizards.mof

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 1061 bytes -> C:\Users\Owner\Documents\Your Amazon_co_uk order has dispatched (#026-4573117-0519552)love act 25.9.09.eml:OECustomProperty
    @Alternate Data Stream - 1061 bytes -> C:\Users\Owner\Documents\Your Amazon_co_uk order has dispatched (#026-4573117-0519552)25.9.09.eml:OECustomProperty
    < End of report >

    Extras text in following reply

  4. #4
    Member
    Join Date
    Aug 2008
    Posts
    49

    Default Extras text

    OTL Extras logfile created on: 11/09/2010 10:54:39 - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Owner\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
    8.00 Gb Paging File | 7.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 290.78 Gb Total Space | 164.08 Gb Free Space | 56.43% Space Free | Partition Type: NTFS
    Drive D: | 290.74 Gb Total Space | 269.40 Gb Free Space | 92.66% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PACKARDBELL
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 2E 74 F5 C2 33 74 CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{99750A4B-9AE8-4349-AC0D-3EA9A2DEBE9D}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{056EA521-D1D0-43B7-ADAD-318F439AA175}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
    "{0ACA796D-65C3-4A98-B152-D8524F76872E}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
    "{21502549-8CEC-412E-BDAD-7B264D63BFFB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{309FC624-9429-48D9-A79D-A245947C8445}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{41AA7905-63EA-43E6-B692-1915D08E6464}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yserver.exe |
    "{4F2BD770-6331-40E7-AFE9-AA41F1BC16A4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-engb-downloader.exe |
    "{58B6EEAD-299B-47D8-8BF1-ECA6303C97A5}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
    "{5B83E9FE-584C-4C4E-8048-08B977F3F79D}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{6CF47145-13F7-4F82-8F08-07F45E9F1FA5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
    "{6F2C8EB6-4195-41EF-88DB-9A7A24B644E0}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
    "{70F0AB10-6DBC-4A17-892E-7CF70F348F3E}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbccoms.exe |
    "{7D14B7EB-D968-4671-88BA-A4E802EA8A90}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yserver.exe |
    "{8B03A4C0-160F-405E-A943-44C15F763ADB}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{8C0AF202-C4A8-4F73-BBF6-64991A92D2EA}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
    "{957AAAF8-F104-4C6C-A7A5-3188BE87EBE6}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
    "{9B2F987C-7429-40E1-90FF-13B3D3F865E2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-engb-downloader.exe |
    "{A2CD92B8-F8B4-4C0C-98CB-C5C7402091EB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{A37D25DA-0C70-499C-B130-762F188E05CC}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbcpswx.exe |
    "{B73F2816-8134-4C17-91E7-F742500C0E88}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{C7F5AF15-4A87-47FF-8F09-16C8025A9515}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbccoms.exe |
    "{D5E53B1F-39DE-4D2F-818D-86C7618131FA}" = protocol=6 | dir=in | app=c:\windows\system32\lxbccoms.exe |
    "{E7F25C07-F045-457F-9DDF-730C7300C78D}" = protocol=17 | dir=in | app=c:\windows\system32\lxbccoms.exe |
    "{F1CCF8B4-D8DE-46A0-B7B3-C19103E9E342}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbcpswx.exe |
    "{F2276528-3AB6-461A-8D54-F3BF42B6FC19}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
    "{F61D6216-A1B9-481F-8995-0632848E6C9D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
    "{F88CC53F-FA52-44F0-BA9C-B88001DD7282}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
    "{FC43D290-2085-42E2-BA2F-C0AF4196E6CB}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{3FEC0570-4DDC-4972-8F7B-29863C194914}C:\program files (x86)\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empires.exe |
    "TCP Query User{457C480B-8827-47C0-AC69-82F91F691DA2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "TCP Query User{5C8C7F7C-4DA3-41AA-BADC-652C2F649CBC}C:\program files (x86)\mektek.net\mtx\mtx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mektek.net\mtx\mtx.exe |
    "TCP Query User{6554E18A-5977-4823-87E2-832927AC2AAE}D:\program files (x86)\dwyco2\cdc32.exe" = protocol=6 | dir=in | app=d:\program files (x86)\dwyco2\cdc32.exe |
    "TCP Query User{99FA4E66-6F45-4AA5-BD66-CE941548E688}C:\program files (x86)\microsoft games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empiresx.exe |
    "TCP Query User{A82864A5-3CE8-4D18-B27C-F24B73674B41}C:\program files (x86)\microsoft games\links 2003\linksmmiii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\links 2003\linksmmiii.exe |
    "TCP Query User{C817546E-8C20-47E9-856D-1E21E08E7386}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "UDP Query User{10043E47-B8CF-495F-8DD8-F9DE7C429310}C:\program files (x86)\microsoft games\links 2003\linksmmiii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\links 2003\linksmmiii.exe |
    "UDP Query User{1BF103FA-0C01-4CCC-A34D-41DF948BA27F}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "UDP Query User{1C331782-B0DB-49D4-8DF3-54C032714752}C:\program files (x86)\microsoft games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empiresx.exe |
    "UDP Query User{3104D8DE-3006-41B8-87AF-AD1479173A7F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "UDP Query User{3A9B8A6B-2191-4BA2-A7FF-A74309D7ADE8}D:\program files (x86)\dwyco2\cdc32.exe" = protocol=17 | dir=in | app=d:\program files (x86)\dwyco2\cdc32.exe |
    "UDP Query User{83A9A9C3-DD7C-43F4-A27C-574A3A596890}C:\program files (x86)\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empires.exe |
    "UDP Query User{D0DDBB0D-FC5B-4DE6-B6A3-C18D3D041B1B}C:\program files (x86)\mektek.net\mtx\mtx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mektek.net\mtx\mtx.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DD6AFAE6-E443-41FB-A57F-91F0F74C0FFC}" = OneTouch 4.0
    "{EB7C6F78-2A27-4FEF-A98B-5F2698DC4CBF}" = Saitek SD6 Programming Software 6.6.6.9
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Defraggler" = Defraggler
    "Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{05BC428A-F2A5-4E11-8130-10C3237FD67B}" = Serif WebPlus X2 Resources
    "{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{30EB024E-9FD0-45E6-849D-30CC6F1AF2F1}" = Serif PhotoPlus 10
    "{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{4847BBB9-EADD-4C92-90BF-4223B0892FF6}" = Microsoft Flight Simulator X Service Pack 2
    "{4D9DD45B-E79A-4F04-898E-B2C3769AB729}" = Serif DrawPlus X2
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{596DA8A2-C576-46F5-A92E-8C9CCECE4E9D}" = Serif PagePlus X3
    "{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
    "{8829E394-87E1-41C0-BCED-9B47F7C6DCDD}" = Serif WebPlus X2
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{8911A5F5-06A6-4931-B193-E1FB0ECAF372}" = Exterminate3
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
    "{946383CC-B47D-4817-A4D9-03F4E76A9003}" = Serif DrawPlus X2 Resources
    "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "{96CFF0DB-C3C3-44B8-930C-1121EC68A3BF}" = Serif WebPlus X4 Resources
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8 Essentials
    "{9ADA45A0-8043-470A-8E8B-02EA7D95F896}" = Serif WebPlus X4
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BF1EC9C0-9C10-11DF-BBC7-005056C00008}" = Google Earth
    "{D0F1732F-DE2D-4A6D-BE19-2D6CF784356C}" = Serif PagePlus X3 Resources
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Audacity_is1" = Audacity 1.2.6
    "Auto Backup" = Packard Bell Auto Backup
    "Browser Defender_is1" = Browser Defender 2.0.6.15
    "BT Broadband Desktop Help" = BT Broadband Desktop Help
    "BTHomeHub" = BT Home Hub
    "CCleaner" = CCleaner
    "Dwyco Video Conferencing_is1" = Dwyco Video Conferencing
    "ERUNT_is1" = ERUNT 1.1j
    "Foxit Reader" = Foxit Reader
    "Identity Card" = Identity Card
    "InfoCentre" = InfoCentre
    "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
    "InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
    "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "Links 2003 1.0" = Microsoft Links 2003
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Melody Assistant" = Melody Assistant
    "Mumble" = Mumble and Murmur
    "Packard Bell Customer Registration" = Packard Bell Customer Registration
    "Packard Bell Photo Frame" = Packard Bell Photo Frame 4.2.3.6
    "PackardBell Screensaver" = PackardBell ScreenSaver
    "PC Matic_is1" = PC Matic 1.0.0.0
    "SetUpMyPC" = SetUpMyPC
    "SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
    "Spyware Doctor" = Spyware Doctor 7.0
    "SystemRequirementsLab" = System Requirements Lab
    "Updator" = Updator
    "World of Warcraft" = World of Warcraft

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "090215de958f1060" = Curse Client

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 28/08/2010 15:29:45 | Computer Name = PackardBell | Source = OneTouch 4.0 Monitor | ID = 111
    Description = Unable to Interact with Console Session Object [The RPC server is
    unavailable.].

    Error - 29/08/2010 02:02:04 | Computer Name = PackardBell | Source = WinMgmt | ID = 10
    Description =

    Error - 29/08/2010 17:18:17 | Computer Name = PackardBell | Source = OneTouch 4.0 Monitor | ID = 111
    Description = Unable to Interact with Console Session Object [The RPC server is
    unavailable.].

    Error - 30/08/2010 10:12:45 | Computer Name = PackardBell | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
    Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

    Error - 30/08/2010 10:13:02 | Computer Name = PackardBell | Source = WinMgmt | ID = 10
    Description =

    Error - 30/08/2010 14:30:16 | Computer Name = PackardBell | Source = OneTouch 4.0 Monitor | ID = 111
    Description = Unable to Interact with Console Session Object [The RPC server is
    unavailable.].

    Error - 31/08/2010 08:25:49 | Computer Name = PackardBell | Source = Application Error | ID = 1000
    Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
    0x49e02a1e, faulting module msxml6.dll, version 6.20.5002.0, time stamp 0x4a81a53f,
    exception code 0xc0000005, fault offset 0x00000000000536b7, process id 0x7f0, application
    start time 0x01cb4907961c855a.

    Error - 31/08/2010 08:25:51 | Computer Name = PackardBell | Source = WinMgmt | ID = 10
    Description =

    Error - 31/08/2010 08:32:53 | Computer Name = PackardBell | Source = OneTouch 4.0 Monitor | ID = 111
    Description = Unable to Interact with Console Session Object [The RPC server is
    unavailable.].

    Error - 31/08/2010 08:34:02 | Computer Name = PackardBell | Source = Application Error | ID = 1000
    Description = Faulting application spoolsv.exe, version 6.0.6002.18005, time stamp
    0x49e03626, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e0421d,
    exception code 0xc0000005, fault offset 0x0000000000048d50, process id 0x5ac, application
    start time 0x01cb4908c568fdc7.

    [ System Events ]
    Error - 10/09/2010 17:22:32 | Computer Name = PackardBell | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 10/09/2010 17:22:39 | Computer Name = PackardBell | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 10/09/2010 17:22:46 | Computer Name = PackardBell | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 10/09/2010 17:22:53 | Computer Name = PackardBell | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 10/09/2010 18:04:08 | Computer Name = PackardBell | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\drivers\prodrv06.sys has been blocked from loading
    due to incompatibility with this system. Please contact your software vendor for
    a compatible version of the driver.

    Error - 10/09/2010 18:04:43 | Computer Name = PackardBell | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/09/2010 18:04:43 | Computer Name = PackardBell | Source = Service Control Manager | ID = 7026
    Description =

    Error - 11/09/2010 04:05:12 | Computer Name = PackardBell | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\drivers\prodrv06.sys has been blocked from loading
    due to incompatibility with this system. Please contact your software vendor for
    a compatible version of the driver.

    Error - 11/09/2010 04:06:07 | Computer Name = PackardBell | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/09/2010 04:06:07 | Computer Name = PackardBell | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >


    Thx for your attention and time

    Jeff
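A follow-up check on the OTL Extras log above, added here as an example; it is not part of Jeff's post and not OTL's own code. It re-reads the three items in that log that matter for a keylogger/Trojan hunt: the alternate data streams OTL listed (OECustomProperty is the property stream Windows Mail attaches to saved .eml files, so the interesting ones are the hex-named streams on C:\ProgramData\TEMP, which is normally a folder), the shell-spawning commands (OTL's 64-bit block prints "File not found" beside these because it tries to resolve the literal "%1" as a file; the values themselves are the Windows defaults, and a hijacked value would put another executable in front of "%1" %*), and the WindowsUpdate LastSuccessTime key OTL queried but printed nothing for. Paths and the user name Owner are taken from the log; an elevated PowerShell prompt is assumed, and everything except the stream-reading helper runs on Vista's built-in PowerShell 2.0.

```powershell
# Added example, not part of the thread and not OTL's own code. Re-checks three
# items from the OTL Extras log on the affected machine (Vista x64, user "Owner").
# Assumptions: run from an elevated PowerShell prompt; everything except
# Get-AdsContent works on Vista's built-in PowerShell 2.0.

# 1. Alternate data streams. "dir /r" (Vista and later) prints each named
#    stream as "<size> <name>:<stream>:$DATA". A file's ordinary content is the
#    unnamed ::$DATA stream, which dir /r does not list, so every line matched
#    here is a real ADS. Folders are scanned because a directory can carry
#    streams too (C:\ProgramData\TEMP is normally a folder).
function Get-AdsReport {
    param([string[]]$Folders)
    foreach ($folder in $Folders) {
        cmd.exe /c dir /r /a $folder 2>$null | ForEach-Object {
            if ($_ -match '^\s*([\d,]+)\s+(.+?):([^:\\]+):\$DATA\s*$') {
                New-Object PSObject -Property @{
                    Path   = Join-Path $folder $Matches[2]
                    Stream = $Matches[3]
                    Bytes  = [int64]($Matches[1] -replace ',', '')
                }
            }
        }
    }
}

# Read one stream so its content can be judged. Needs PowerShell 3.0 or later;
# on 2.0 use "more < C:\ProgramData\TEMP:DFC5A2B2" from cmd.exe instead.
function Get-AdsContent {
    param([string]$Path, [string]$Stream)
    Get-Content -LiteralPath $Path -Stream $Stream -ErrorAction SilentlyContinue
}

# 2. Shell-spawning commands. These are the Windows defaults for each file
#    class; a hijack puts another executable in front of "%1". HKCU\Software\Classes
#    overrides HKLM for the logged-on user, so it is checked as well (the keys
#    are normally absent there, so absence is skipped rather than flagged).
$ExpectedSpawn = @{
    exefile = '"%1" %*'; batfile = '"%1" %*'; cmdfile = '"%1" %*'
    comfile = '"%1" %*'; piffile = '"%1" %*'; scrfile = '"%1" /S'
}
function Test-ShellSpawning {
    $roots = 'HKLM:\SOFTWARE\Classes', 'HKLM:\SOFTWARE\Wow6432Node\Classes', 'HKCU:\Software\Classes'
    foreach ($root in $roots) {
        foreach ($class in $ExpectedSpawn.Keys) {
            $key = "$root\$class\shell\open\command"
            if (-not (Test-Path -LiteralPath $key)) { continue }
            $cmd = (Get-ItemProperty -LiteralPath $key).'(default)'
            New-Object PSObject -Property @{
                Key      = $key
                Command  = $cmd
                Expected = $ExpectedSpawn[$class]
                Hijacked = ($cmd -ne $ExpectedSpawn[$class])
            }
        }
    }
}

# 3. Last successful Windows Update install: the key OTL queried above but
#    printed nothing for.
function Get-LastUpdateSuccess {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install'
    (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).LastSuccessTime
}

Get-AdsReport -Folders 'C:\ProgramData', 'C:\Users\Owner\Documents' | Format-Table Path, Stream, Bytes -AutoSize
Test-ShellSpawning | Format-Table Key, Command, Expected, Hijacked -AutoSize
Get-LastUpdateSuccess
```

Any row with Hijacked set to True is worth a closer look, and a stream whose content (via Get-AdsContent) is an executable or a script rather than a small property blob is the kind of finding the scanners in this thread can miss, because several of them do not open alternate streams at all.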

  5. #5
    Security Expert Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,497

    Default

    Hi,

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
    • Click the Download button to the right.
    • Select Windows in the platform combobox and check the box that says Accept License Agreement. Click Continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here. Post back the report. Does some program still find issues?
    Microsoft MVP Consumer Security 2008-2014
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
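A way to confirm the Java situation Blade81 describes, added here as an example and not part of his post. The OTL log's Uninstall list shows "J2SE Runtime Environment 5.0 Update 7" in the 32-bit (Wow6432Node) view, which is also where the i586 installer he links to registers, so the script walks both 64-bit and 32-bit Uninstall hives plus HKCU, turns each Java display name into a comparable version, and flags anything older than JRE 6 Update 21. It assumes the display names follow the "J2SE Runtime Environment 5.0 Update 7" / "Java(TM) 6 Update 21" pattern and runs on Vista's PowerShell 2.0.

```powershell
# Added example, not part of the thread. Lists every Java runtime registered
# under the Uninstall keys and flags anything older than JRE 6 Update 21, the
# release Blade81 points to. Assumptions: run on the affected machine; display
# names follow the "J2SE Runtime Environment 5.0 Update 7" / "Java(TM) 6 Update 21"
# pattern. Works on Vista's PowerShell 2.0.

$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)
$MinimumJre = New-Object Version 6, 0, 21   # JRE 6 Update 21 -> 6.0.21

# Turn a Java display name into a comparable [Version]:
#   "J2SE Runtime Environment 5.0 Update 7" -> 5.0.7
#   "Java(TM) 6 Update 21"                  -> 6.0.21
# Returns $null for names that are not a JRE/J2SE entry.
function ConvertTo-JavaVersion {
    param([string]$DisplayName)
    $pattern = '^(?:J2SE Runtime Environment|Java\(TM\)(?: SE)?(?: Runtime Environment)?)\s+(\d+)(?:\.(\d+))?(?:\s+Update\s+(\d+))?'
    if ($DisplayName -match $pattern) {
        $major  = [int]$Matches[1]
        $minor  = if ($Matches[2]) { [int]$Matches[2] } else { 0 }
        $update = if ($Matches[3]) { [int]$Matches[3] } else { 0 }
        return New-Object Version $major, $minor, $update
    }
    return $null
}

# One object per registered Java runtime, with Outdated = True when it is
# older than $MinimumJre. Hive tells you which view (64-bit, Wow6432Node or
# per-user) the entry came from, which is what Add/Remove Programs hides.
function Get-JavaInstalls {
    foreach ($root in $UninstallRoots) {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $props = Get-ItemProperty -LiteralPath $_.PSPath
            $ver = ConvertTo-JavaVersion $props.DisplayName
            if ($ver -ne $null) {
                New-Object PSObject -Property @{
                    DisplayName = $props.DisplayName
                    Version     = $ver
                    Outdated    = ($ver -lt $MinimumJre)
                    KeyName     = $_.PSChildName
                    Hive        = $root
                    Uninstall   = $props.UninstallString
                }
            }
        }
    }
}

Get-JavaInstalls | Sort-Object Version | Format-Table DisplayName, Version, Outdated, Hive -AutoSize
```

Run it again after the uninstall and reinstall steps above: the expected result is a single row, not Outdated, in the Wow6432Node hive. The UninstallString column gives the exact command behind each Add/Remove Programs entry if one refuses to go away through the GUI.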

  6. #6
    Member
    Join Date
    Aug 2008
    Posts
    49

    Default

    Hi Blade,

    Have completed all you asked up to the Kaspersky Online Scan; the Kaspersky site says that their Online Scanner is currently unavailable. I have pasted the actual message below:

    'Coming soon:
    A new, improved version of the
    Kaspersky Online Scanner
    The current Kaspersky Online Scanner is unavailable - we apologize for the inconvenience. While you are waiting for the improved Online Scanner, why not take a free trial of Kaspersky Internet Security 2011, which has everything you need to keep your computer safe.'


    The reason I posted here in the first place was that Blizzard suspended my account for World of Warcraft to investigate possible infection as my account had been hijacked. I NEVER share any of my account details with anyone. I use strong alpha-numeric passwords and change them periodically. I keep my anti-virus and anti-malware software up to date and active, my firewall also. I update from Microsoft automatically and always install when updates are available. Though Malwarebytes is not 'installed' I update and run it regularly, separate from my Spyware Doctor with Antivirus - which is my primary security software. The only way my account password could have been discovered IMO is with some nastyware on my PC. Blizzard re-instated my account but said it was their strong opinion that my computer was infected with a keylogger/Trojan or some such nasty. It occurred to me that my computer was behaving oddly: lots of disc activity, 'slowness' - a short but definite pause on bootup in IE and Windows Mail, a screen redraw on bootup I'd never seen before, fonts declared 'no longer available' when I had not touched them, common fonts prefixed with random letters.

    It worried me a lot as sensitive info could be stolen. You have solved problems for me brilliantly before so I rushed in here and posted. There are no serious symptoms of infection apart from those mentioned above and they appear to still be with me.

  7. #7
    Security Expert Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,497

    Default

    Hi,

    Sorry, I gave you the wrong link. Please try this.

    Vista generates more disk activity than XP, for example, so that is not necessarily a sign of infection. Let's see what the Kaspersky scan finds.

  8. #8
    Member
    Join Date
    Aug 2008
    Posts
    49

    Default

    Hi Blade,

    KAS report pasted below.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Sunday, September 12, 2010
    Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 2 (build 6002)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Sunday, September 12, 2010 06:45:14
    Records in database: 4210150
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\

    Scan statistics:
    Objects scanned: 254216
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 02:48:28

    No threats found. Scanned area is clean.

    Selected area has been scanned.


    If it proves that my PC is clean I wonder how the password to my Blizzard account could have been hacked. I know you are very busy but if you have a moment I would love to hear your thoughts on this.

    Appreciatively,
    Jeff

  9. #9
    Security Expert Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,497

    Default

    Hi,

    "I wonder how the password to my Blizzard account could have been hacked."
    That's a good question. Unfortunately, I have to admit I can't say how that happened. Logs don't show anything abnormal.

    We can uninstall OTL now:
    • Double-click OTL.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes; if not, delete it yourself.


    Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.

  10. #10
    Member
    Join Date
    Aug 2008
    Posts
    49

    Default

    Hi Blade,

    OK - OTL uninstalled. Anything else I need to do?

    Jeff
