PDA

View Full Version : Trojan/Keylogger



jeff1955
2010-09-08, 23:40
Hi again,

I have been notified that an account of mine has been suspended due to an infection of some description on my computer.

I never share ANY account details, so I suspect a keylogger/Trojan infection.

I have noticed, over the last couple of days, Internet Explorer and Window's Mail operating much more slowly than before. There is also a great deal of disc activity.


I have run Malewarebytes, Spyware Doctor and Spybot on full scans (even trying them in Safe Mode) each reports a clean machine. I downloaded PC Matic's PC Pitstop a while ago, it reports an infection 'Ezula'. I simply suspected this was a ploy to get me to buy the product as all my other anti-nasty ware was reporting clean.

Below - the DDS report pasted and the Attach report zipped and attached as requested.

Jeff Simpson



DDS (Ver_10-03-17.01) - NTFSX64
Run by Owner at 21:13:53.89 on 08/09/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4094.2731 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\lxbccoms.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtMonEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/webhp?rls=ig
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?

b=ACPW&l=0809&m=ixtreme_m3720&r=1v3607090606p0385vq55y46619201
mStart Page = hxxp://www.pctools.com/mrc/fix_homepage/
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?

b=ACPW&l=0809&m=ixtreme_m3720&r=1v3607090606p0385vq55y46619201
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Userinit=userinit.exe
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files (x86)

\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1

\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)

\java\jre1.5.0_07\bin\ssv.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program

files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files (x86)

\spyware doctor\bdt\PCTBrowserDefender.dll
mRun: [ISTray] "c:\program files (x86)\spyware doctor\pctsTray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office10\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC} - c:\program

files (x86)\java\jre1.5.0_07\bin\ssv.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program

files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} -

c:\progra~2\spybot~1\SDHelper.dll
LSP: c:\program files (x86)\common files\pc tools\lsp\PCTLsp.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -

hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} -

hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} -

hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} -

hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} -

hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} -

hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)

\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1

\skype\SKYPE4~1.DLL
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} -
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [FijiKeyboard] c:\acer\preload\autorun\drv\fiji keyboard\ABoard.exe
mRun-x64: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun-x64: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2010-1-2 233488]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-5-16 65072]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-5-16 60416]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi64.sys [2010-1-2 306648]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\spyware

doctor\bdt\BDTUpdateService.exe [2010-1-2 112592]
R2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe -service --> c:\windows\system32

\lxbccoms.exe -service [?]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\spyware doctor\pctsAuxs.exe

[2009-9-20 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files (x86)\spyware doctor\pctsSvc.exe

[2009-9-20 1142224]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys

[2009-8-21 84512]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg64.sys [2010-1-2 92896]
R3 SaiH0004;SaiH0004;c:\windows\system32\drivers\SaiH0004.sys [2007-5-1 171144]
R3 SaiHFF52;SaiHFF52;c:\windows\system32\drivers\SaiHFF52.sys [2007-5-1 171144]
R3 SaiL0004;SaiL0004;c:\windows\system32\drivers\SaiL0004.sys [2007-5-1 18048]
R3 SaiU0004;SaiU0004;c:\windows\system32\drivers\SaiU0004.sys [2007-5-1 34304]
R3 SaiUFF52;SaiUFF52;c:\windows\system32\drivers\saiuFF52.sys [2007-5-1 34304]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-5-16 41888]
R3 ThreatFire;ThreatFire;c:\program files (x86)\spyware doctor\tfengine\tfservice.exe service -->

c:\program files (x86)\spyware doctor\tfengine\TFService.exe service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN

v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN

v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Norton Internet Security;Norton Internet Security;"c:\program files (x86)\norton internet

security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files

(x86)\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files

(x86)\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k

LocalServiceAndNoImpersonation [2008-1-21 27648]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-21 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache

4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18

1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN

v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)

\pcpitstop\PCPitstopScheduleService.exe [2010-1-25 85504]

=============== Created Last 30 ================

2010-09-08 19:26:48 0 d-----w- c:\programdata\PCPitstopDat
2010-08-12 06:25:08 1426816 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-12 06:25:04 453120 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 06:25:04 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 06:25:03 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 06:25:02 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 06:25:02 36864 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-12 06:24:23 81920 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-12 06:24:21 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 06:24:03 1869824 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 06:24:03 1248768 ----a-w- c:\windows\syswow64\msxml3.dll

==================== Find3M ====================

2010-08-05 15:53:17 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-05 15:53:17 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-05 15:53:16 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-05 13:52:11 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-07-26 15:51:48 11584512 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-18 15:31:22 0 ---ha-w- c:\windows\system32

\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-06-29 16:03:43 1032192 ----a-w- c:\windows\system32\wininet.dll
2010-06-29 15:47:12 834048 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-29 15:46:59 1176064 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-29 15:44:16 477184 ----a-w- c:\windows\syswow64\mshtmled.dll
2010-06-29 15:44:15 3603456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-29 15:43:04 6080000 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-29 15:43:04 193024 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-29 15:43:00 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2010-06-28 16:52:22 86528 ----a-w- c:\windows\system32\ieencode.dll
2010-06-28 16:13:32 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2010-06-11 16:39:28 343040 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:16:20 274944 ----a-w- c:\windows\syswow64\schannel.dll
2009-12-04 13:51:58 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-04-17 08:57:32 16384 --sha-w-

c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-04-17 08:57:32 16384 --sha-w-

c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-04-17 08:57:32 32768 --sha-w-

c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5

\index.dat

============= FINISH: 21:17:24.00 ===============

Blade81
2010-09-11, 12:00
Hello Jeff,

Please disable word wrap in notepad before taking further steps.


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Copy-paste following contents into custom scan -area:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\System32\Wbem\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

jeff1955
2010-09-11, 13:19
Hi Blade - makes me feel happier knowing I have an expert on the case! :))

As predicted Extras pasted in second reply

OTL text:

OTL logfile created on: 11/09/2010 10:54:39 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290.78 Gb Total Space | 164.08 Gb Free Space | 56.43% Space Free | Partition Type: NTFS
Drive D: | 290.74 Gb Total Space | 269.40 Gb Free Space | 92.66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PACKARDBELL
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe (PC Tools)
PRC - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files (x86)\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe (Packard Bell BV)
PRC - C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe (Packard Bell BV)
PRC - C:\Program Files\Visioneer\OneTouch 4.0\OtMonEx.exe (Visioneer Inc.)
PRC - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe (Visioneer Inc.)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\Program Files (x86)\Spyware Doctor\TFEngine\TFWAH.dll (PC Tools)
MOD - C:\Program Files (x86)\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:[b]64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (OneTouch 4.0 Monitor) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe (Visioneer Inc.)
SRV:64bit: - (lxbc_device) -- C:\Windows\SysNative\lxbccoms.exe ( )
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sdCoreService) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (ThreatFire) -- C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (PCPitstop Scheduling) -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)
SRV - (lxbc_device) -- C:\Windows\SysWow64\lxbccoms.exe ( )
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSPX64.SYS File not found
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSP64.SYS File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (LVcKap64) -- C:\Windows\SysNative\DRIVERS\LVcKap64.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (pctplsg) -- C:\Windows\SysNative\drivers\pctplsg64.sys (PC Tools)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (pctgntdi) -- C:\Windows\SysNative\drivers\pctgntdi64.sys (PC Tools)
DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools)
DRV:64bit: - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools)
DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\DRIVERS\SaiMini.sys (Saitek)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (SaiH0004) -- C:\Windows\SysNative\DRIVERS\SaiH0004.sys (Saitek)
DRV:64bit: - (SaiU0004) -- C:\Windows\SysNative\DRIVERS\SaiU0004.sys (Saitek)
DRV:64bit: - (SaiL0004) -- C:\Windows\SysNative\DRIVERS\SaiL0004.sys (Saitek)
DRV:64bit: - (SaiHFF52) -- C:\Windows\SysNative\DRIVERS\SaiHFF52.sys (Saitek)
DRV:64bit: - (SaiUFF52) -- C:\Windows\SysNative\DRIVERS\SaiUFF52.sys (Saitek)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (prohlp02) -- C:\Windows\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\Windows\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (sfhlp01) -- C:\Windows\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (prosync1) -- C:\Windows\System32\drivers\prosync1.sys (Protection Technology)
DRV - (Secdrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3720&r=1v3607090606p0385vq55y46619201
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3720&r=1v3607090606p0385vq55y46619201
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3720&r=1v3607090606p0385vq55y46619201
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pctools.com/mrc/fix_homepage/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3720&r=1v3607090606p0385vq55y46619201
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?rls=ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/02/16 11:39:51 | 000,378,474 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13043 more lines...
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [FijiKeyboard] c:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe (Packard Bell BV)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_07\bin\NPJPI150_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll (diskhealth Class)
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCMaticVer Class)
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} http://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\packard bell\wallpaper\Lounge_1900x1440.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\packard bell\wallpaper\Lounge_1900x1440.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/09/11 10:46:43 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/09/10 07:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/09/10 07:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/09/08 21:42:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Cleaning
[2010/09/08 20:50:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/08 20:50:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/09/08 20:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstopDat
[2010/08/24 13:19:00 | 000,307,712 | ---- | C] (Serif (Europe) Ltd) -- C:\Windows\SysWow64\WPPFilt.dll
[2010/08/22 09:42:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/08/12 22:46:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2009/09/21 07:13:06 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcserv.dll
[2009/09/21 07:13:06 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcusb1.dll
[2009/09/21 07:13:06 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbchbn3.dll
[2009/09/21 07:13:06 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccomc.dll
[2009/09/21 07:13:06 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcpmui.dll
[2009/09/21 07:13:06 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbclmpm.dll
[2009/09/21 07:13:06 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccomm.dll
[2009/09/21 07:13:06 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcinpa.dll
[2009/09/21 07:13:06 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbciesc.dll
[2009/09/21 07:13:06 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcprox.dll
[2009/09/21 07:13:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcpplc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/11 10:54:33 | 006,815,744 | -HS- | M] () -- C:\Users\Owner\ntuser.dat
[2010/09/11 10:48:53 | 000,000,439 | ---- | M] () -- C:\Windows\Lexstat.ini
[2010/09/11 10:46:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/09/11 09:11:48 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/11 09:11:48 | 000,608,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/11 09:11:48 | 000,108,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/11 09:05:39 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/11 09:05:36 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/11 09:05:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/11 09:05:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/11 09:05:16 | 000,864,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/11 00:50:50 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{554c046a-2440-11df-9aa8-00251125cf85}.TMContainer00000000000000000001.regtrans-ms
[2010/09/11 00:50:50 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{554c046a-2440-11df-9aa8-00251125cf85}.TM.blf
[2010/09/11 00:50:46 | 003,513,446 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2010/09/11 00:44:24 | 000,268,832 | ---- | M] () -- C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/11 00:33:40 | 000,000,647 | ---- | M] () -- C:\Users\Owner\Desktop\Defraggler.lnk
[2010/09/11 00:31:34 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/09/11 00:30:01 | 000,001,226 | ---- | M] () -- C:\Windows\WinInit.Ini
[2010/09/11 00:30:01 | 000,000,644 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010/09/11 00:22:06 | 000,017,408 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/11 00:20:50 | 000,002,619 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Word.lnk
[2010/09/11 00:20:43 | 000,002,617 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Excel.lnk
[2010/09/10 21:50:51 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/09/10 07:14:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/08/26 12:30:34 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/08/24 13:19:00 | 000,307,712 | ---- | M] (Serif (Europe) Ltd) -- C:\Windows\SysWow64\WPPFilt.dll
[2010/08/22 09:42:21 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/11 00:33:40 | 000,000,647 | ---- | C] () -- C:\Users\Owner\Desktop\Defraggler.lnk
[2010/09/11 00:30:01 | 000,000,644 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010/09/10 07:14:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/09/10 07:14:25 | 000,378,170 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI1B15.txt
[2010/09/10 07:14:17 | 000,011,662 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI1B15.txt
[2010/09/08 21:52:32 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/22 09:42:21 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/08/08 16:25:42 | 000,017,408 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/05 15:14:51 | 000,308,736 | ---- | C] () -- C:\Windows\SysWow64\Fpxlib.dll
[2010/08/05 15:14:51 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\Jpeglib.dll
[2010/08/05 15:14:32 | 000,001,072 | ---- | C] () -- C:\Windows\_delis32.ini
[2010/08/05 14:52:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/03 12:49:58 | 000,000,000 | ---- | C] () -- C:\Windows\dxinfo.INI
[2010/01/02 13:33:28 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/01/02 13:33:28 | 000,763,832 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2009/12/15 08:39:06 | 000,001,226 | ---- | C] () -- C:\Windows\WinInit.Ini
[2009/12/10 20:43:26 | 000,000,888 | ---- | C] () -- C:\Windows\wacam.ini
[2009/12/03 15:54:37 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 15:53:53 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/02 19:48:42 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/09/23 07:45:55 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2009/09/21 17:13:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/21 07:27:47 | 000,000,439 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009/09/21 07:13:06 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbcutil.dll
[2009/09/21 07:13:06 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBCinst.dll
[2009/05/01 03:17:17 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/01/21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2001/08/03 20:11:32 | 000,011,616 | R--- | C] () -- C:\Windows\SysWow64\drivers\SECDRV.SYS
[1997/06/14 03:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/05/01 09:22:40 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/09/21 07:20:39 | 000,000,200 | ---- | M] () -- C:\lxbc.log
[2010/09/11 09:05:13 | 312,815,615 | -HS- | M] () -- C:\pagefile.sys
[2009/05/01 02:21:52 | 000,001,946 | ---- | M] () -- C:\RHDSetup.log
[2009/09/20 17:34:04 | 000,000,150 | ---- | M] () -- C:\YServer.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 16:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 16:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 16:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/12/03 16:14:42 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 04:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/12/03 17:16:40 | 000,000,286 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/09/11 10:46:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2009/12/03 17:16:27 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2009/12/03 17:15:57 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2009/12/03 17:15:57 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2009/12/03 17:15:57 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2009/12/03 17:15:57 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2009/12/03 17:15:57 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/09/20 11:50:25 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini

< %systemroot%\System32\Wbem\*.* >
[2006/09/18 22:26:19 | 000,001,097 | ---- | M] () -- C:\Windows\SysWOW64\wbem\aaclient.mof
[2008/01/21 03:50:36 | 000,004,352 | ---- | M] () -- C:\Windows\SysWOW64\wbem\audiocore.mof
[2006/09/18 22:35:02 | 000,001,092 | ---- | M] () -- C:\Windows\SysWOW64\wbem\authfwcfg.mof
[2008/01/21 03:49:33 | 000,003,007 | ---- | M] () -- C:\Windows\SysWOW64\wbem\auxiliarydisplayapi.mof
[2006/11/02 16:04:41 | 000,002,995 | ---- | M] () -- C:\Windows\SysWOW64\wbem\auxiliarydisplaycpl.mof
[2006/11/02 07:27:38 | 000,029,290 | ---- | M] () -- C:\Windows\SysWOW64\wbem\cli.mof
[2006/11/02 07:27:38 | 002,815,350 | ---- | M] () -- C:\Windows\SysWOW64\wbem\cliegaliases.mof
[2006/09/18 22:42:48 | 000,001,239 | ---- | M] () -- C:\Windows\SysWOW64\wbem\dimsjob.mof
[2006/09/18 22:42:50 | 000,001,284 | ---- | M] () -- C:\Windows\SysWOW64\wbem\dimsroam.mof
[2008/01/21 03:49:19 | 000,006,072 | ---- | M] () -- C:\Windows\SysWOW64\wbem\dot3.mof
[2006/09/18 22:45:56 | 000,003,685 | ---- | M] () -- C:\Windows\SysWOW64\wbem\drvinst.mof
[2006/09/18 22:40:27 | 000,001,300 | ---- | M] () -- C:\Windows\SysWOW64\wbem\eaimeapi.mof
[2009/04/11 07:28:19 | 000,265,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\esscli.dll
[2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\fastprox.dll
[2006/09/18 22:46:01 | 000,000,656 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fdSSDP.mof
[2008/01/21 03:47:52 | 000,000,705 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fdwcn.mof
[2006/09/18 22:38:53 | 000,000,716 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fdWNet.mof
[2006/09/18 22:46:02 | 000,000,656 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fdWSD.mof
[2006/09/18 22:35:44 | 000,001,100 | ---- | M] () -- C:\Windows\SysWOW64\wbem\Firewall.mof
[2006/09/18 22:36:01 | 000,001,913 | ---- | M] () -- C:\Windows\SysWOW64\wbem\firewallapi.mof
[2006/09/18 22:38:51 | 000,000,702 | ---- | M] () -- C:\Windows\SysWOW64\wbem\FunDisc.mof
[2006/09/18 22:35:54 | 000,001,081 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fwcfg.mof
[2008/01/21 03:49:19 | 000,240,536 | ---- | M] () -- C:\Windows\SysWOW64\wbem\hbaapi.mof
[2009/02/18 19:38:41 | 000,032,198 | ---- | M] () -- C:\Windows\SysWOW64\wbem\IMAPIv2-Base.mof
[2006/09/18 22:31:55 | 000,002,073 | ---- | M] () -- C:\Windows\SysWOW64\wbem\IMAPIv2-FileSystemSupport.mof
[2006/09/18 22:31:55 | 000,000,759 | ---- | M] () -- C:\Windows\SysWOW64\wbem\IMAPIv2-LegacyShim.mof
[2006/11/02 16:02:34 | 000,002,263 | ---- | M] () -- C:\Windows\SysWOW64\wbem\InkObj.mof
[2006/09/18 22:35:37 | 000,001,278 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ipsecsvc.mof
[2006/11/02 07:35:19 | 000,019,872 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsidsc.mof
[2006/11/02 07:35:18 | 000,111,599 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsihba.mof
[2006/11/02 07:35:20 | 000,046,042 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsiprf.mof
[2006/11/02 07:35:21 | 000,004,503 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsirem.mof
[2006/11/02 16:02:33 | 000,002,287 | ---- | M] () -- C:\Windows\SysWOW64\wbem\journal.mof
[2006/09/18 22:39:25 | 000,008,758 | ---- | M] () -- C:\Windows\SysWOW64\wbem\kerberos.mof
[2006/09/18 22:32:48 | 000,001,367 | ---- | M] () -- C:\Windows\SysWOW64\wbem\l2gpstore.mof
[2008/01/21 03:49:35 | 000,002,334 | ---- | M] () -- C:\Windows\SysWOW64\wbem\L2SecHC.mof
[2008/01/21 03:49:02 | 000,013,780 | ---- | M] () -- C:\Windows\SysWOW64\wbem\lsasrv.mof
[2006/09/18 22:26:23 | 000,000,698 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mmc.mof
[2008/01/21 03:48:12 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\mofcomp.exe
[2009/04/11 07:28:20 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\mofd.dll
[2006/09/18 22:35:23 | 000,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof
[2006/09/18 22:35:54 | 000,001,900 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpssvc.mof
[2006/09/18 22:38:01 | 000,001,876 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msfeeds.mof
[2006/09/18 22:38:01 | 000,001,938 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msfeedsbs.mof
[2006/09/18 22:31:59 | 000,004,599 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msiscsi.mof
[2006/09/18 22:28:06 | 000,001,110 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mstsc.mof
[2006/09/18 22:27:27 | 000,001,967 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mstscax.mof
[2006/09/18 22:39:39 | 000,007,721 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msv1_0.mof
[2006/11/02 16:04:30 | 000,001,710 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mswmdm.mof
[2006/09/18 22:36:02 | 000,001,259 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nci.mof
[2006/09/18 22:28:21 | 000,001,131 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ncsi.mof
[2006/09/18 22:36:03 | 000,001,306 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ndishc.mof
[2006/09/18 22:38:14 | 000,001,117 | ---- | M] () -- C:\Windows\SysWOW64\wbem\netprofm.mof
[2006/09/18 22:29:57 | 000,000,683 | ---- | M] () -- C:\Windows\SysWOW64\wbem\networkitemfactory.mof
[2006/09/18 22:30:03 | 000,000,631 | ---- | M] () -- C:\Windows\SysWOW64\wbem\networkmap.mof
[2006/09/18 22:45:56 | 000,003,681 | ---- | M] () -- C:\Windows\SysWOW64\wbem\newdev.mof
[2006/09/18 22:38:28 | 000,003,914 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nlasvc.mof
[2008/01/21 03:48:28 | 000,002,873 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nlsvc.mof
[2006/09/18 22:35:29 | 000,001,266 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nshipsec.mof
[2008/01/21 03:48:10 | 000,002,952 | ---- | M] () -- C:\Windows\SysWOW64\wbem\onex.mof
[2006/11/02 16:03:53 | 000,001,836 | ---- | M] () -- C:\Windows\SysWOW64\wbem\p2p-collab.mof
[2006/11/02 16:03:54 | 000,002,380 | ---- | M] () -- C:\Windows\SysWOW64\wbem\p2p-mesh.mof
[2006/11/02 16:03:54 | 000,002,297 | ---- | M] () -- C:\Windows\SysWOW64\wbem\p2p-pnrp.mof
[2006/09/18 22:45:56 | 000,001,060 | ---- | M] () -- C:\Windows\SysWOW64\wbem\pnpsetup.mof
[2006/09/18 22:35:35 | 000,001,275 | ---- | M] () -- C:\Windows\SysWOW64\wbem\polstore.mof
[2009/06/08 21:22:20 | 000,005,105 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledeviceapi.mof
[2009/06/08 21:22:20 | 000,003,202 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledeviceclassextension.mof
[2009/06/08 21:22:20 | 000,001,777 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledeviceconnectapi.mof
[2009/06/08 21:22:21 | 000,003,490 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledevicetypes.mof
[2006/11/02 16:04:31 | 000,001,760 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledevicewiacompat.mof
[2006/11/02 16:04:31 | 000,003,092 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledevicewmdrm.mof
[2006/09/18 22:34:46 | 000,002,302 | ---- | M] () -- C:\Windows\SysWOW64\wbem\qmgr.mof
[2006/09/18 22:39:30 | 000,000,623 | ---- | M] () -- C:\Windows\SysWOW64\wbem\rawxml.xsl
[2006/09/18 22:30:56 | 000,001,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\rdpencom.mof
[2006/11/02 08:15:20 | 000,111,686 | ---- | M] () -- C:\Windows\SysWOW64\wbem\regevent.mof
[2006/09/18 22:46:10 | 000,001,688 | ---- | M] () -- C:\Windows\SysWOW64\wbem\RestartManager.mof
[2006/09/18 22:46:10 | 000,000,090 | ---- | M] () -- C:\Windows\SysWOW64\wbem\RestartManagerUninstall.mof
[2008/01/21 03:49:48 | 000,061,288 | ---- | M] () -- C:\Windows\SysWOW64\wbem\samsrv.mof
[2006/09/18 22:41:58 | 000,001,241 | ---- | M] () -- C:\Windows\SysWOW64\wbem\sapi.mof
[2006/09/18 22:41:24 | 000,004,357 | ---- | M] () -- C:\Windows\SysWOW64\wbem\scersop.mof
[2006/09/18 22:39:53 | 000,001,064 | ---- | M] () -- C:\Windows\SysWOW64\wbem\schannel.mof
[2006/09/18 22:37:09 | 000,002,250 | ---- | M] () -- C:\Windows\SysWOW64\wbem\SchedSvc.mof
[2010/06/11 18:10:31 | 000,084,985 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ServiceModel.mof
[2006/11/02 16:06:41 | 000,000,896 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ServiceModel.mof.uninstall
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () -- C:\Windows\SysWOW64\wbem\services.mof
[2006/09/18 22:45:57 | 000,003,689 | ---- | M] () -- C:\Windows\SysWOW64\wbem\setupapi.mof
[2006/11/02 16:01:40 | 000,016,973 | ---- | M] () -- C:\Windows\SysWOW64\wbem\speechux.mof
[2006/11/02 16:01:40 | 000,001,229 | ---- | M] () -- C:\Windows\SysWOW64\wbem\sptip.mof
[2006/09/18 22:42:35 | 000,002,583 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ssdpsrv.mof
[2008/01/21 03:50:29 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\stdprov.dll
[2006/09/18 22:37:10 | 000,002,254 | ---- | M] () -- C:\Windows\SysWOW64\wbem\TaskEng.mof
[2006/09/18 22:36:40 | 000,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof
[2006/09/18 22:39:30 | 000,006,000 | ---- | M] () -- C:\Windows\SysWOW64\wbem\texttable.xsl
[2006/09/18 22:39:30 | 000,002,766 | ---- | M] () -- C:\Windows\SysWOW64\wbem\textvaluelist.xsl
[2006/09/18 22:39:20 | 000,000,964 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tspkg.mof
[2006/09/18 22:46:00 | 000,003,692 | ---- | M] () -- C:\Windows\SysWOW64\wbem\umpnpmgr.mof
[2006/11/02 07:35:15 | 000,060,994 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof
[2008/01/21 03:48:08 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\vdswmi.dll
[2008/01/21 03:49:23 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\viewprov.dll
[2006/11/02 07:35:15 | 000,055,846 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vss.mof
[2008/01/21 03:48:57 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\vsswmi.dll
[2008/01/21 03:50:05 | 000,250,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemcntl.dll
[2008/01/21 03:51:04 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemdisp.dll
[2006/11/02 08:14:20 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemdisp.tlb
[2009/04/11 07:28:25 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemprox.dll
[2009/04/11 07:28:25 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemsvc.dll
[2006/11/02 16:01:42 | 000,003,980 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wcncsvc.mof
[2006/11/02 16:01:39 | 000,001,007 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wcnwiz.mof
[2009/02/18 19:38:37 | 000,001,009 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wcnwiz2.mof
[2006/09/18 22:39:24 | 000,001,103 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wdigest.mof
[2006/09/18 22:36:01 | 000,001,083 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WFAPIGP.mof
[2008/01/21 03:48:18 | 000,000,814 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WFP.MOF
[2006/11/02 16:02:27 | 000,004,388 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WgxInstalledGame.mof
[2006/11/02 08:03:34 | 000,004,120 | ---- | M] () -- C:\Windows\SysWOW64\wbem\whqlprov.mof
[2006/09/18 22:46:36 | 000,004,003 | ---- | M] () -- C:\Windows\SysWOW64\wbem\Win32_OsBaseline.mof
[2008/01/21 03:50:08 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\Win32_Tpm.dll
[2006/09/18 22:41:56 | 000,001,333 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wininit.mof
[2006/09/18 22:35:37 | 000,001,270 | ---- | M] () -- C:\Windows\SysWOW64\wbem\winipsec.mof
[2006/09/18 22:41:56 | 000,002,794 | ---- | M] () -- C:\Windows\SysWOW64\wbem\winlogon.mof
[2008/01/21 03:50:54 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WinMgmt.exe
[2006/11/02 16:01:42 | 000,001,545 | ---- | M] () -- C:\Windows\SysWOW64\wbem\Winsat.mof
[2006/11/02 16:01:42 | 000,000,487 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WinsatUninstall.mof
[2008/01/21 03:48:00 | 000,012,880 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wlan.mof
[2006/11/02 16:01:42 | 000,001,311 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WLanHC.mof
[2009/04/11 07:28:15 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WMIADAP.exe
[2009/04/11 07:28:25 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiApRpl.dll
[2008/01/21 03:50:34 | 000,625,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WMIC.exe
[2009/04/11 07:28:25 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WMICOOKR.dll
[2009/04/11 07:28:25 | 000,129,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiDcPrv.dll
[2008/01/21 03:50:13 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPerfClass.dll
[2009/02/18 19:39:43 | 000,001,156 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WmiPerfClass.mof
[2009/04/11 07:28:25 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPerfInst.dll
[2009/02/18 19:39:44 | 000,000,980 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WmiPerfInst.mof
[2009/04/11 07:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
[2009/04/11 07:28:25 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wmiutils.dll
[2006/11/02 16:04:22 | 000,004,887 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wmp.mof
[2006/11/02 16:03:49 | 000,001,368 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpc.mof
[2006/11/02 16:03:49 | 000,021,677 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpcsprov.mof
[2006/11/02 16:03:49 | 000,000,470 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpcuninst.mof
[2009/06/08 21:22:22 | 000,002,759 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdbusenum.mof
[2006/11/02 16:04:31 | 000,002,737 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdfs.mof
[2009/06/08 20:43:37 | 000,003,011 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdmtp.mof
[2006/11/02 16:04:31 | 000,003,184 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdshext.mof
[2006/11/02 16:04:31 | 000,003,063 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WPDShServiceObj.mof
[2006/11/02 16:04:31 | 000,002,987 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdsp.mof
[2006/11/02 16:04:31 | 000,003,740 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdwcn.mof
[2009/02/18 19:38:38 | 000,000,334 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WscEapPr.mof
[2008/01/21 03:47:51 | 000,003,332 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wscenter.mof
[2006/09/18 22:41:39 | 000,001,072 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wscmisetup.mof
[2006/09/18 22:47:40 | 000,002,348 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WSDApi.mof
[2006/09/18 22:40:05 | 000,004,430 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WsmAuto.mof
[2008/01/21 03:47:35 | 000,000,723 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wzcdlg.mof
[2006/09/18 22:39:31 | 000,002,866 | ---- | M] () -- C:\Windows\SysWOW64\wbem\xsl-mappings.xml
[2006/09/18 22:43:11 | 000,001,050 | ---- | M] () -- C:\Windows\SysWOW64\wbem\xwizards.mof

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 1061 bytes -> C:\Users\Owner\Documents\Your Amazon_co_uk order has dispatched (#026-4573117-0519552)love act 25.9.09.eml:OECustomProperty
@Alternate Data Stream - 1061 bytes -> C:\Users\Owner\Documents\Your Amazon_co_uk order has dispatched (#026-4573117-0519552)25.9.09.eml:OECustomProperty
< End of report >

Extras text in following reply

jeff1955
2010-09-11, 13:20
OTL Extras logfile created on: 11/09/2010 10:54:39 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290.78 Gb Total Space | 164.08 Gb Free Space | 56.43% Space Free | Partition Type: NTFS
Drive D: | 290.74 Gb Total Space | 269.40 Gb Free Space | 92.66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PACKARDBELL
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 2E 74 F5 C2 33 74 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{99750A4B-9AE8-4349-AC0D-3EA9A2DEBE9D}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056EA521-D1D0-43B7-ADAD-318F439AA175}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{0ACA796D-65C3-4A98-B152-D8524F76872E}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{21502549-8CEC-412E-BDAD-7B264D63BFFB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{309FC624-9429-48D9-A79D-A245947C8445}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{41AA7905-63EA-43E6-B692-1915D08E6464}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yserver.exe |
"{4F2BD770-6331-40E7-AFE9-AA41F1BC16A4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{58B6EEAD-299B-47D8-8BF1-ECA6303C97A5}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{5B83E9FE-584C-4C4E-8048-08B977F3F79D}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{6CF47145-13F7-4F82-8F08-07F45E9F1FA5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
"{6F2C8EB6-4195-41EF-88DB-9A7A24B644E0}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{70F0AB10-6DBC-4A17-892E-7CF70F348F3E}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbccoms.exe |
"{7D14B7EB-D968-4671-88BA-A4E802EA8A90}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yserver.exe |
"{8B03A4C0-160F-405E-A943-44C15F763ADB}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{8C0AF202-C4A8-4F73-BBF6-64991A92D2EA}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{957AAAF8-F104-4C6C-A7A5-3188BE87EBE6}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{9B2F987C-7429-40E1-90FF-13B3D3F865E2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{A2CD92B8-F8B4-4C0C-98CB-C5C7402091EB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A37D25DA-0C70-499C-B130-762F188E05CC}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbcpswx.exe |
"{B73F2816-8134-4C17-91E7-F742500C0E88}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{C7F5AF15-4A87-47FF-8F09-16C8025A9515}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbccoms.exe |
"{D5E53B1F-39DE-4D2F-818D-86C7618131FA}" = protocol=6 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{E7F25C07-F045-457F-9DDF-730C7300C78D}" = protocol=17 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{F1CCF8B4-D8DE-46A0-B7B3-C19103E9E342}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbcpswx.exe |
"{F2276528-3AB6-461A-8D54-F3BF42B6FC19}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{F61D6216-A1B9-481F-8995-0632848E6C9D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
"{F88CC53F-FA52-44F0-BA9C-B88001DD7282}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{FC43D290-2085-42E2-BA2F-C0AF4196E6CB}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{3FEC0570-4DDC-4972-8F7B-29863C194914}C:\program files (x86)\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empires.exe |
"TCP Query User{457C480B-8827-47C0-AC69-82F91F691DA2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{5C8C7F7C-4DA3-41AA-BADC-652C2F649CBC}C:\program files (x86)\mektek.net\mtx\mtx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mektek.net\mtx\mtx.exe |
"TCP Query User{6554E18A-5977-4823-87E2-832927AC2AAE}D:\program files (x86)\dwyco2\cdc32.exe" = protocol=6 | dir=in | app=d:\program files (x86)\dwyco2\cdc32.exe |
"TCP Query User{99FA4E66-6F45-4AA5-BD66-CE941548E688}C:\program files (x86)\microsoft games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empiresx.exe |
"TCP Query User{A82864A5-3CE8-4D18-B27C-F24B73674B41}C:\program files (x86)\microsoft games\links 2003\linksmmiii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\links 2003\linksmmiii.exe |
"TCP Query User{C817546E-8C20-47E9-856D-1E21E08E7386}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{10043E47-B8CF-495F-8DD8-F9DE7C429310}C:\program files (x86)\microsoft games\links 2003\linksmmiii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\links 2003\linksmmiii.exe |
"UDP Query User{1BF103FA-0C01-4CCC-A34D-41DF948BA27F}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{1C331782-B0DB-49D4-8DF3-54C032714752}C:\program files (x86)\microsoft games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empiresx.exe |
"UDP Query User{3104D8DE-3006-41B8-87AF-AD1479173A7F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{3A9B8A6B-2191-4BA2-A7FF-A74309D7ADE8}D:\program files (x86)\dwyco2\cdc32.exe" = protocol=17 | dir=in | app=d:\program files (x86)\dwyco2\cdc32.exe |
"UDP Query User{83A9A9C3-DD7C-43F4-A27C-574A3A596890}C:\program files (x86)\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empires.exe |
"UDP Query User{D0DDBB0D-FC5B-4DE6-B6A3-C18D3D041B1B}C:\program files (x86)\mektek.net\mtx\mtx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mektek.net\mtx\mtx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD6AFAE6-E443-41FB-A57F-91F0F74C0FFC}" = OneTouch 4.0
"{EB7C6F78-2A27-4FEF-A98B-5F2698DC4CBF}" = Saitek SD6 Programming Software 6.6.6.9
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Defraggler" = Defraggler
"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05BC428A-F2A5-4E11-8130-10C3237FD67B}" = Serif WebPlus X2 Resources
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{30EB024E-9FD0-45E6-849D-30CC6F1AF2F1}" = Serif PhotoPlus 10
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4847BBB9-EADD-4C92-90BF-4223B0892FF6}" = Microsoft Flight Simulator X Service Pack 2
"{4D9DD45B-E79A-4F04-898E-B2C3769AB729}" = Serif DrawPlus X2
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{596DA8A2-C576-46F5-A92E-8C9CCECE4E9D}" = Serif PagePlus X3
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{8829E394-87E1-41C0-BCED-9B47F7C6DCDD}" = Serif WebPlus X2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8911A5F5-06A6-4931-B193-E1FB0ECAF372}" = Exterminate3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{946383CC-B47D-4817-A4D9-03F4E76A9003}" = Serif DrawPlus X2 Resources
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{96CFF0DB-C3C3-44B8-930C-1121EC68A3BF}" = Serif WebPlus X4 Resources
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8 Essentials
"{9ADA45A0-8043-470A-8E8B-02EA7D95F896}" = Serif WebPlus X4
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BF1EC9C0-9C10-11DF-BBC7-005056C00008}" = Google Earth
"{D0F1732F-DE2D-4A6D-BE19-2D6CF784356C}" = Serif PagePlus X3 Resources
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Audacity_is1" = Audacity 1.2.6
"Auto Backup" = Packard Bell Auto Backup
"Browser Defender_is1" = Browser Defender 2.0.6.15
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BTHomeHub" = BT Home Hub
"CCleaner" = CCleaner
"Dwyco Video Conferencing_is1" = Dwyco Video Conferencing
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader" = Foxit Reader
"Identity Card" = Identity Card
"InfoCentre" = InfoCentre
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"Links 2003 1.0" = Microsoft Links 2003
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Melody Assistant" = Melody Assistant
"Mumble" = Mumble and Murmur
"Packard Bell Customer Registration" = Packard Bell Customer Registration
"Packard Bell Photo Frame" = Packard Bell Photo Frame 4.2.3.6
"PackardBell Screensaver" = PackardBell ScreenSaver
"PC Matic_is1" = PC Matic 1.0.0.0
"SetUpMyPC" = SetUpMyPC
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"Spyware Doctor" = Spyware Doctor 7.0
"SystemRequirementsLab" = System Requirements Lab
"Updator" = Updator
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/08/2010 15:29:45 | Computer Name = PackardBell | Source = OneTouch 4.0 Monitor | ID = 111
Description = Unable to Interact with Console Session Object [The RPC server is
unavailable.].

Error - 29/08/2010 02:02:04 | Computer Name = PackardBell | Source = WinMgmt | ID = 10
Description =

Error - 29/08/2010 17:18:17 | Computer Name = PackardBell | Source = OneTouch 4.0 Monitor | ID = 111
Description = Unable to Interact with Console Session Object [The RPC server is
unavailable.].

Error - 30/08/2010 10:12:45 | Computer Name = PackardBell | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 30/08/2010 10:13:02 | Computer Name = PackardBell | Source = WinMgmt | ID = 10
Description =

Error - 30/08/2010 14:30:16 | Computer Name = PackardBell | Source = OneTouch 4.0 Monitor | ID = 111
Description = Unable to Interact with Console Session Object [The RPC server is
unavailable.].

Error - 31/08/2010 08:25:49 | Computer Name = PackardBell | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e02a1e, faulting module msxml6.dll, version 6.20.5002.0, time stamp 0x4a81a53f,
exception code 0xc0000005, fault offset 0x00000000000536b7, process id 0x7f0, application
start time 0x01cb4907961c855a.

Error - 31/08/2010 08:25:51 | Computer Name = PackardBell | Source = WinMgmt | ID = 10
Description =

Error - 31/08/2010 08:32:53 | Computer Name = PackardBell | Source = OneTouch 4.0 Monitor | ID = 111
Description = Unable to Interact with Console Session Object [The RPC server is
unavailable.].

Error - 31/08/2010 08:34:02 | Computer Name = PackardBell | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 6.0.6002.18005, time stamp
0x49e03626, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e0421d,
exception code 0xc0000005, fault offset 0x0000000000048d50, process id 0x5ac, application
start time 0x01cb4908c568fdc7.

[ System Events ]
Error - 10/09/2010 17:22:32 | Computer Name = PackardBell | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/09/2010 17:22:39 | Computer Name = PackardBell | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/09/2010 17:22:46 | Computer Name = PackardBell | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/09/2010 17:22:53 | Computer Name = PackardBell | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/09/2010 18:04:08 | Computer Name = PackardBell | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\prodrv06.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 10/09/2010 18:04:43 | Computer Name = PackardBell | Source = Service Control Manager | ID = 7000
Description =

Error - 10/09/2010 18:04:43 | Computer Name = PackardBell | Source = Service Control Manager | ID = 7026
Description =

Error - 11/09/2010 04:05:12 | Computer Name = PackardBell | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\prodrv06.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 11/09/2010 04:06:07 | Computer Name = PackardBell | Source = Service Control Manager | ID = 7000
Description =

Error - 11/09/2010 04:06:07 | Computer Name = PackardBell | Source = Service Control Manager | ID = 7026
Description =


< End of report >


Thx for your attention and time

Jeff

Blade81
2010-09-11, 20:29
Hi,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 21 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif). Post back the report. Does some program still find issues?

jeff1955
2010-09-11, 21:32
Hi Blade,

Have completed all you asked up to the Kaspersky Online Scan; the Kaspersky site says that their Online Scanner is currently unavailable; I have pasted the actual message below;

'Coming soon:
A new, improved version of the
Kaspersky Online Scanner
The current Kaspersky Online Scanner is unavailable - we apologize for the inconvenience. While you are waiting for the improved Online Scanner, why not take a free trial of Kaspersky Internet Security 2011, which has everything you need to keep your computer safe.'

The reason I posted here in the first place was that Blizzard suspended my account for World of Warcraft to investigate possible infection as my account had been hi-jacked. I NEVER share any of my account details with anyone. I use strong alpha-numeric passwords and change them periodically. I keep my anti-virus and anti-malware software up to date and active, my firewall also. I update from Microsoft automatically and always install when updates are available. Though Malwarebytes is not 'installed' I update and run it regularly, separate to my Spyware Doctor with Antivirus - which is my primary security software. The only way my account password could have been discovered IMO is with some nastyware on my PC. Blizzard re-instated my account but said it was their strong opinion that my computer was infected with a keylogger/Trojan or some such nasty. It occurred to me that my computer was behaving oddly, lots of disc activity, 'slowness' - a short but definite pause on bootup in IE and Window's Mail, A screen redraw on bootup I'd never seen before, fonts declared 'no longer available' when I had not touched them, common fonts prefixed with random letters.

It worried me a lot as sensitive info could be stolen. You have solved problems for me brilliantly before so I rushed in here and posted. There are no serious symptoms of infection apart from those mentioned above and they appear to still be with me.

Blade81
2010-09-12, 11:15
Hi,

Sorry, gave you wrong link. Please try this (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html).

Vista generates more disk activity than XP for example so that may not necessarily be sign of infection. Let's see what Kaspersky scan finds.

jeff1955
2010-09-12, 15:28
Hi Blade,

KAS report pasted below.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, September 12, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, September 12, 2010 06:45:14
Records in database: 4210150
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Objects scanned: 254216
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:48:28

No threats found. Scanned area is clean.

Selected area has been scanned.


If it proves that my PC is clean I wonder how the password to my Blizzard account could have been hacked. I know you are very busy but if you have a moment I would love to hear your thoughts on this.

Appreciatively,
Jeff

Blade81
2010-09-12, 19:11
Hi,


I wonder how the password to my Blizzard account could have been hacked.
That's a good question. Unfortunately, I have to admit I can't say how that happened. Logs don't show anything abnormal.

We can uninstall OTL now:

Double-click OTL.exe.
Click the CleanUp! button.
Select Yes when the
Begin cleanup Process?
prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.

jeff1955
2010-09-12, 21:19
Hi Blade,

OK - OTL uninstalled. Anything else I need to do?

Jeff

Blade81
2010-09-13, 07:47
Hi,


Anything else I need to do?
Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings regularly.

jeff1955
2010-09-13, 09:10
Thx for all the help Blade, I feel a lot happier now. I would still love to know what happened to my Blizzard account. If passwords can be discovered without malware on a personal PC then nothing is safe. Thank goodness for people like you.

Very gratefully
Jeff

Blade81
2010-09-13, 12:52
You're welcome, Jeff :)