
Thread: back.0access please help!

  1. #11
    Member
    Join Date
    Feb 2008
    Posts
    78

    Sorry, forgot to mention that Windows Update is trying to install November's malicious removal tool but keeps coming up after every install.


    OTL logfile created on: 20/11/2011 10:50:47 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\SHEZ\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 82.77% Memory free
    4.84 Gb Paging File | 4.48 Gb Available in Paging File | 92.66% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.08 Gb Total Space | 186.80 Gb Free Space | 62.67% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 293.41 Gb Free Space | 31.50% Space Free | Partition Type: NTFS

    Computer Name: SHEZ-DBZCKP2J | User Name: SHEZ | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\SHEZ\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Yammm\YammmSvc.exe (Mikinho)
    PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
    PRC - C:\Program Files\McAfee\MAT\McPvTray.exe (McAfee, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
    PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\566b2e11e7f3f6d973b17b86cf42f9bc\System.Xml.Linq.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
    MOD - C:\WINDOWS\system32\ffdshow.ax ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll ()
    MOD - C:\WINDOWS\system32\encdec.dll ()
    MOD - C:\WINDOWS\system32\sbe.dll ()
    MOD - C:\WINDOWS\system32\quartz.dll ()
    MOD - C:\WINDOWS\system32\ac3filter_intl.dll ()
    MOD - C:\WINDOWS\system32\ac3filter.ax ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()
    MOD - C:\WINDOWS\system32\devenum.dll ()
    MOD - C:\WINDOWS\system32\wstpager.ax ()
    MOD - C:\WINDOWS\system32\VBICodec.ax ()
    MOD - C:\WINDOWS\system32\mpg2splt.ax ()
    MOD - C:\WINDOWS\system32\hcwXDS.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (MSK80Service) -- File not found
    SRV - (McProxy) -- File not found
    SRV - (McNASvc) -- File not found
    SRV - (McNaiAnn) -- File not found
    SRV - (mcmscsvc) -- File not found
    SRV - (McMPFSvc) -- File not found
    SRV - (McAfee SiteAdvisor Service) -- File not found
    SRV - (JavaQuickStarterService) -- File not found
    SRV - (YammmSvc) -- C:\Program Files\Yammm\YammmSvc.exe (Mikinho)
    SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe ()
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


    ========== Driver Services (SafeList) ==========

    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
    DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
    DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
    DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
    DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)
    DRV - (McPvDrv) -- C:\WINDOWS\system32\drivers\McPvDrv.sys (McAfee, Inc.)
    DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
    DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
    DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
    DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.)
    DRV - (BTSLBCSP) -- C:\WINDOWS\system32\drivers\btslbcsp.sys (Broadcom Corporation.)
    DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
    DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
    DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
    DRV - (hcwPP2) -- C:\WINDOWS\system32\drivers\hcwPP2.sys (Hauppauge Computer Works, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-329068152-790525478-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKU\S-1-5-21-329068152-790525478-839522115-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-329068152-790525478-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-329068152-790525478-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/11/01 20:27:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/11/05 13:37:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/20 00:08:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011/06/28 13:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SHEZ\Application Data\Mozilla\Extensions
    [2011/09/01 01:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/11/05 13:37:13 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
    [2011/11/07 23:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/06/25 15:59:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/11/20 00:08:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/11/20 00:08:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/20 00:08:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2011/11/19 23:37:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20111105133106.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [McPvTray_exe] C:\Program Files\McAfee\MAT\McPvTray.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-329068152-790525478-839522115-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-329068152-790525478-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-329068152-790525478-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-329068152-790525478-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5D8879A-372F-4F14-A5C8-CC59800C663C}: DhcpNameServer = 194.168.4.100 194.168.8.100
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\SHEZ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\SHEZ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/06/25 13:28:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-329068152-790525478-839522115-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/20 00:51:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SHEZ\Desktop\OTL.exe
    [2011/11/20 00:46:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/11/20 00:46:54 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/11/19 23:44:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/11/19 23:42:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/11/19 23:35:44 | 000,148,520 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
    [2011/11/19 23:35:25 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
    [2011/11/19 23:24:56 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netbt.sys
    [2011/11/19 23:22:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/11/19 23:20:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/11/19 23:20:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/11/19 23:20:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/11/19 23:20:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/11/19 23:16:35 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/19 23:13:32 | 004,302,402 | R--- | C] (Swearware) -- C:\Documents and Settings\SHEZ\Desktop\ComboFix.exe
    [2011/11/19 23:12:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/11/19 23:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/11/19 23:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2011/11/07 23:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/11/07 22:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
    [2011/11/07 22:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2011/11/07 22:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
    [2011/11/07 22:07:02 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\SHEZ\Desktop\tdsskiller.exe
    [2011/11/05 17:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
    [2011/11/05 16:47:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SHEZ\Start Menu\Programs\Administrative Tools
    [2011/11/05 16:46:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\SHEZ\Desktop\dds.scr
    [2011/11/05 13:56:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2011/11/05 13:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2011/11/05 13:20:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\SHEZ\Local Settings\Application Data\e4c5dd3a
    [2011/11/01 20:27:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SHEZ\Application Data\TeamViewer

    ========== Files - Modified Within 30 Days ==========

    [2011/11/20 10:47:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/11/20 00:51:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SHEZ\Desktop\OTL.exe
    [2011/11/20 00:46:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/20 00:15:26 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/11/19 23:37:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/11/19 23:22:44 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2011/11/19 23:13:47 | 004,302,402 | R--- | M] (Swearware) -- C:\Documents and Settings\SHEZ\Desktop\ComboFix.exe
    [2011/11/19 23:11:06 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\SHEZ\Desktop\NTREGOPT.lnk
    [2011/11/19 23:11:06 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\SHEZ\Desktop\ERUNT.lnk
    [2011/11/19 22:18:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/11/08 00:15:21 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netbt.sys
    [2011/11/07 22:07:07 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\SHEZ\Desktop\tdsskiller.exe
    [2011/11/05 17:26:38 | 000,004,690 | ---- | M] () -- C:\Documents and Settings\SHEZ\Desktop\attach.zip
    [2011/11/05 17:23:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/11/05 16:46:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\SHEZ\Desktop\dds.scr
    [2011/11/05 13:27:47 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/11/03 21:24:06 | 000,089,088 | ---- | M] () -- C:\Documents and Settings\SHEZ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/01 21:14:42 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\SHEZ\Application Data\winscp.rnd
    [2011/10/30 19:27:25 | 000,444,606 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/10/30 19:27:25 | 000,072,290 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/10/25 16:08:49 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/10/24 19:51:22 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\SHEZ\default.pls
    [2011/10/24 19:50:49 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

    ========== Files Created - No Company Name ==========

    [2011/11/20 00:46:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/19 23:22:44 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2011/11/19 23:22:39 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/11/19 23:20:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/11/19 23:20:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/11/19 23:20:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/11/19 23:20:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/11/19 23:20:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/11/19 23:11:06 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\SHEZ\Desktop\NTREGOPT.lnk
    [2011/11/19 23:11:06 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\SHEZ\Desktop\ERUNT.lnk
    [2011/11/05 17:23:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/11/05 17:20:16 | 000,004,690 | ---- | C] () -- C:\Documents and Settings\SHEZ\Desktop\attach.zip
    [2011/11/01 20:47:17 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\SHEZ\Application Data\winscp.rnd
    [2011/10/12 16:06:56 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2011/10/12 15:23:46 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2011/10/12 15:02:24 | 000,117,158 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
    [2011/08/24 01:36:43 | 000,057,252 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/07/31 18:31:38 | 003,854,848 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
    [2011/07/19 19:08:04 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2011/07/19 19:06:48 | 000,259,584 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2011/07/19 19:06:36 | 000,158,208 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
    [2011/07/19 19:06:34 | 001,524,224 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
    [2011/07/19 19:06:34 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2011/07/19 19:06:32 | 000,145,920 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
    [2011/07/19 19:06:30 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2011/07/19 19:06:30 | 000,113,664 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
    [2011/07/19 19:06:28 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
    [2011/07/19 19:06:28 | 000,211,456 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
    [2011/07/18 01:45:26 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2011/06/28 13:40:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2011/06/27 20:38:02 | 000,089,088 | ---- | C] () -- C:\Documents and Settings\SHEZ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/26 13:26:40 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2011/06/25 15:30:40 | 000,167,936 | R--- | C] () -- C:\WINDOWS\System32\NVUNINST.EXE
    [2011/06/25 15:10:04 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\SHEZ\Local Settings\Application Data\fusioncache.dat
    [2011/06/25 15:07:41 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2011/06/25 15:06:59 | 000,129,112 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2011/06/25 14:27:44 | 048,324,552 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
    [2011/06/25 14:13:24 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2011/06/25 14:01:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2011/06/25 14:00:18 | 000,270,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/06/25 13:57:55 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
    [2011/06/25 13:30:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2011/06/25 13:25:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/05/30 13:42:50 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2011/05/23 07:46:30 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2011/03/03 11:40:08 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
    [2011/03/03 11:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
    [2011/03/03 11:39:46 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
    [2011/03/03 11:39:34 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
    [2011/03/03 11:39:02 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
    [2011/03/03 11:38:54 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
    [2011/03/03 11:38:40 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
    [2011/03/03 11:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
    [2011/03/03 11:38:04 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
    [2011/03/03 11:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
    [2011/03/03 11:37:40 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
    [2011/03/03 11:35:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
    [2011/03/03 11:35:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
    [2010/08/18 19:56:38 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
    [2009/08/11 21:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
    [2009/08/11 21:21:20 | 001,021,440 | ---- | C] () -- C:\WINDOWS\System32\ac3filter_intl.dll
    [2008/11/06 15:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2006/11/02 16:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
    [2006/05/06 00:17:20 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
    [2006/03/04 04:52:00 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\OptimFROG.dll
    [2005/09/19 14:50:42 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/03/22 22:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/03/22 22:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/10 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/10 11:00:00 | 000,444,606 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/10 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/10 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/10 11:00:00 | 000,072,290 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/10 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/10 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/10 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/10 11:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/10 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    [2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2011/06/27 18:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
    [2011/11/08 00:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2011/09/08 20:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yammm
    [2011/06/25 18:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/07/07 21:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SHEZ\Application Data\avidemux
    [2011/10/21 18:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SHEZ\Application Data\Image Zone Express
    [2011/09/24 17:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SHEZ\Application Data\redsn0w
    [2011/11/01 20:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SHEZ\Application Data\TeamViewer
    [2011/06/27 18:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SHEZ\Application Data\URSoft
    [2011/11/09 01:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SHEZ\Application Data\uTorrent
    [2011/06/27 18:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SHEZ\Application Data\WinPatrol

    ========== Purity Check ==========



    < End of report >

  2. #12
    Member
    Join Date
    Feb 2008
    Posts
    78

    Extra.txt

    OTL Extras logfile created on: 20/11/2011 10:50:47 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\SHEZ\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 82.77% Memory free
    4.84 Gb Paging File | 4.48 Gb Available in Paging File | 92.66% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.08 Gb Total Space | 186.80 Gb Free Space | 62.67% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 293.41 Gb Free Space | 31.50% Space Free | Partition Type: NTFS

    Computer Name: SHEZ-DBZCKP2J | User Name: SHEZ | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-329068152-790525478-839522115-1003\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
    "{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
    "{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
    "{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
    "{235BBFC6-D863-4066-A01A-3BD504C31033}" = Nero 7 Ultra Edition
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{6913FBE5-1B4B-4308-8DDD-2944F9C91E06}" = ATI Catalyst Control Center
    "{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
    "{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
    "{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
    "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
    "{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{F70361A6-021E-4FAB-AA2F-B8FCBB4432F8}" = Yammm
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ERUNT_is1" = ERUNT 1.1j
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "HPExtendedCapabilities" = HP Customer Participation Program 7.0
    "HPOCR" = OCR Software by I.R.I.S 7.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
    "MSC" = McAfee Total Protection
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NVIDIA Drivers" = NVIDIA Drivers
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "uTorrent" = µTorrent
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows 7 - Codec Pack" = Windows 7 Codec Pack 3.3.0
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "YU2010_is1" = Your Uninstaller! 2010

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-329068152-790525478-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "f031ef6ac137efc5" = Dell Driver Download Manager

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 17/09/2011 15:29:16 | Computer Name = SHEZ-DBZCKP2J | Source = Bonjour Service | ID = 100
    Description = 228: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 17/09/2011 15:29:16 | Computer Name = SHEZ-DBZCKP2J | Source = Bonjour Service | ID = 100
    Description = 216: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 17/09/2011 16:15:44 | Computer Name = SHEZ-DBZCKP2J | Source = Application Error | ID = 1000
    Description = Faulting application McSvHost.exe, version 2.0.230.0, faulting module
    unknown, version 0.0.0.0, fault address 0x04bf439c.

    Error - 20/09/2011 13:16:35 | Computer Name = SHEZ-DBZCKP2J | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 20/09/2011 13:17:39 | Computer Name = SHEZ-DBZCKP2J | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 20/09/2011 20:13:13 | Computer Name = SHEZ-DBZCKP2J | Source = Application Error | ID = 1000
    Description = Faulting application McSvHost.exe, version 2.0.230.0, faulting module
    unknown, version 0.0.0.0, fault address 0x06cc8f20.

    Error - 20/09/2011 20:24:00 | Computer Name = SHEZ-DBZCKP2J | Source = Application Error | ID = 1000
    Description = Faulting application McSvHost.exe, version 2.0.230.0, faulting module
    unknown, version 0.0.0.0, fault address 0x085b1f4b.

    Error - 20/09/2011 21:33:18 | Computer Name = SHEZ-DBZCKP2J | Source = Application Error | ID = 1001
    Description = Fault bucket -1678130303.

    Error - 20/09/2011 21:53:07 | Computer Name = SHEZ-DBZCKP2J | Source = Application Error | ID = 1000
    Description = Faulting application McSvHost.exe, version 2.0.230.0, faulting module
    unknown, version 0.0.0.0, fault address 0x0824086a.

    Error - 24/09/2011 12:37:42 | Computer Name = SHEZ-DBZCKP2J | Source = Application Error | ID = 1000
    Description = Faulting application McSvHost.exe, version 2.0.230.0, faulting module
    ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.

    [ System Events ]
    Error - 19/11/2011 21:45:16 | Computer Name = SHEZ-DBZCKP2J | Source = Service Control Manager | ID = 7000
    Description = The McAfee SiteAdvisor Service service failed to start due to the
    following error: %%2

    Error - 19/11/2011 21:45:16 | Computer Name = SHEZ-DBZCKP2J | Source = Service Control Manager | ID = 7000
    Description = The McAfee SiteAdvisor Service service failed to start due to the
    following error: %%2

    Error - 19/11/2011 21:45:16 | Computer Name = SHEZ-DBZCKP2J | Source = Service Control Manager | ID = 7000
    Description = The McAfee SiteAdvisor Service service failed to start due to the
    following error: %%2

    Error - 19/11/2011 21:45:16 | Computer Name = SHEZ-DBZCKP2J | Source = Service Control Manager | ID = 7000
    Description = The McAfee SiteAdvisor Service service failed to start due to the
    following error: %%2

    Error - 19/11/2011 21:45:16 | Computer Name = SHEZ-DBZCKP2J | Source = Service Control Manager | ID = 7000
    Description = The McAfee SiteAdvisor Service service failed to start due to the
    following error: %%2

    Error - 19/11/2011 21:45:16 | Computer Name = SHEZ-DBZCKP2J | Source = Service Control Manager | ID = 7000
    Description = The McAfee SiteAdvisor Service service failed to start due to the
    following error: %%2

    Error - 19/11/2011 21:45:16 | Computer Name = SHEZ-DBZCKP2J | Source = Service Control Manager | ID = 7000
    Description = The McAfee SiteAdvisor Service service failed to start due to the
    following error: %%2

    Error - 19/11/2011 21:45:16 | Computer Name = SHEZ-DBZCKP2J | Source = DCOM | ID = 10005
    Description = DCOM got error "%2" attempting to start the service McAfee SiteAdvisor
    Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

    Error - 19/11/2011 21:45:16 | Computer Name = SHEZ-DBZCKP2J | Source = Service Control Manager | ID = 7000
    Description = The McAfee SiteAdvisor Service service failed to start due to the
    following error: %%2

    Error - 19/11/2011 21:45:17 | Computer Name = SHEZ-DBZCKP2J | Source = Service Control Manager | ID = 7000
    Description = The McAfee SiteAdvisor Service service failed to start due to the
    following error: %%2


    < End of report >

  3. #13
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    I am a bit confused on the Malwarebytes scan dates, I hope you removed all it found because all of that needs to go. If not, run it again removing all it finds.

    As far as McAfee, I can see it has errors. Why don't you uninstall it and reinstall and see if that will get it working again? If not, I can link you to a forum with help for that.



    Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean






    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  4. #14
    Member
    Join Date
    Feb 2008
    Posts
    78

    Hi Ken. I'm having issues with McAfee at the moment so I don't want to go online with PC till I sort it, but all previous instructions given have been done. ESET scan done with 1 result; it's a file saved on e:/my documents. Will post log for you if you still need it when McAfee gets sorted. Any suggestions? I keep getting a pop-up on Scotty saying there is a change in host files. From HOST to host; other information on both files appears to be the same.

  5. #15
    Member
    Join Date
    Feb 2008
    Posts
    78

    ESET scan results

    E:\My Documents\Pc Games\Snow Brothers - WestSideTeam\SnowBrothers.iso a variant of Win32/Injector.AAL trojan

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Let's do this.

    Download CKScanner by askey127 from Here & save it to your Desktop.
    • Double-click CKScanner.exe then click Search For Files
    • When the cursor hourglass disappears, click Save List To File
    • A message box will verify the file saved
    • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply



    Post the log and then we can sort out your hosts file

  7. #17
    Member
    Join Date
    Feb 2008
    Posts
    78

    CKScanner

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\documents and settings\shez\desktop\deleted books\crack in the cosmic egg - mike resnick.epub
    c:\documents and settings\shez\desktop\deleted books\crackers - jerry oltion.epub
    c:\documents and settings\shez\favorites\avicx1forums.com view topic - getting ipod video to work on x1bt - think i've cracked it.url
    c:\documents and settings\shez\my documents\downloads\riptide_gpv1.0.1_hastings_use_iap_cracker_togetfree_inapppurchases.ipa
    c:\documents and settings\shez\my documents\my music\itunes\itunes media\books\ebook collection\step on a crack - james patterson.epub
    c:\documents and settings\shez\my documents\my music\itunes\itunes media\books\ibooks\the mirror crack's from side to side - christie_ agatha.epub
    c:\documents and settings\shez\my documents\my music\itunes\itunes media\mobile applications\moderncombat3-v1.0.0-cracked.ipa
    scanner sequence 3.GL.11.WPAPGB
    ----- EOF -----

  8. #18
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hi,

    This looks like it was an illegal download via the torrents.
    c:\documents and settings\shez\my documents\my music\itunes\itunes media\mobile applications\moderncombat3-v1.0.0-cracked.ipa

    Can you explain?

  9. #19
    Member
    Join Date
    Feb 2008
    Posts
    78

    It was passed on to me via a friend off his iPad, didn't think it would be a problem. Is this what caused the virus?

  10. #20
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Oh yes, 100% of illegal software via the torrents that are cracked or keygens are infected.

    Read this please


    You have illegal software on your system, this is how you infected your computer. Besides it being illegal, cracked/keygens are one of the fastest ways of infecting your system; 100% of illegal software contains some form of malicious code. This forum as well as all the other malware removal forums do not support the use of illegal software; if I was to continue helping you it could be construed in the eyes of the law as aiding and abetting a crime. If you want to continue, what I need you to do is to look through the CKScanner log and uninstall all the illegal software that you have downloaded and installed. After you uninstall them all, run CKScanner again and post a new log. If I don't hear back from you in 24 hours this thread will be closed and no more help will be offered.


    I am mainly concerned about this
    c:\documents and settings\shez\my documents\my music\itunes\itunes media\mobile applications\moderncombat3-v1.0.0-cracked.ipa
