McAfee detecting Trojans


  • This topic is locked
28 replies to this topic

#1 Enoch

  • Authentic Member
  • 38 posts

Posted 01 October 2010 - 03:06 PM

Hello, it's been a while since I last posted. I recently noticed in one of my security reports that McAfee had detected two Trojans. I just recently noticed this, and when I ran a fresh scan it didn't detect anything. I let other people use the computer and thought maybe one of them had done something. I haven't really noticed anything different in the running of the computer, but wanted to make sure that I don't have any viruses or malware on my computer.


#2 Conspire

    SuperHelper

  • Classroom Teacher
  • 5,407 posts

Posted 01 October 2010 - 09:32 PM

Hello there, Enoch

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice.
This may cause a delay, but I will do my best to keep it as short as possible.

Please bear with me, I will post back to you as soon as I can.

IMPORTANT NOTE : Please do not delete anything unless instructed to.

**In any case where you happen to be busy or unable to give us a reply, we would be more than grateful if you keep us informed in advance, and we will be more than happy to wait. Failure to do so will result in your thread being closed in FIVE (5) days. :)

#3 Enoch

  • Authentic Member
  • 38 posts

Posted 01 October 2010 - 10:03 PM

No problem Conspire, I'll just await your instructions on which one of the three tools I should download before I post the scan results. Thanks for your help.

#4 Conspire

    SuperHelper

  • Classroom Teacher
  • 5,407 posts

Posted 02 October 2010 - 04:41 AM

Download OTL to your Desktop
  • Right click on the icon and select "Run as Administrator" to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"
  • Click the OK button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


#5 Enoch

  • Authentic Member
  • 38 posts

Posted 02 October 2010 - 05:14 AM

Here they are:

OTL logfile created on: 10/2/2010 12:02:38 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Sean\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141.18 Gb Total Space | 108.43 Gb Free Space | 76.80% Space Free | Partition Type: NTFS
Drive D: | 141.18 Gb Total Space | 141.09 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SEAN-PC
Current User Name: Sean
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Sean\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmon.exe (Lexmark International, Inc.)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Sean\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV:64bit: - (ForceWare Intelligent Application Manager (IAM)) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV:64bit: - (lxcz_device) -- C:\Windows\SysNative\lxczcoms.exe ( )
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (lxcz_device) -- C:\Windows\SysWow64\lxczcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...28rsi5by7k1a987
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...28rsi5by7k1a987
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...28rsi5by7k1a987
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...28rsi5by7k1a987

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...v...nt&ie=UTF-8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/07/07 18:53:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/09/08 09:58:51 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100914233259.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100914233259.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [lxczbmgr.exe] C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysNative\nvLsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/10/02 11:59:51 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
[2010/10/01 01:51:30 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ks.sys
[2010/09/15 15:05:45 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/09/08 09:58:47 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010/09/08 09:58:43 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010/09/08 09:58:43 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010/09/08 09:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010/09/08 09:58:16 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/09/08 09:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2010/09/08 09:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/09/08 09:58:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010/09/08 09:58:11 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Real
[2010/03/07 20:46:52 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll
[2010/03/07 20:46:52 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll
[2010/03/07 20:46:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll
[2010/03/07 20:46:52 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll
[2010/03/07 20:46:52 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll
[2010/03/07 20:46:52 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll
[2010/03/07 20:46:51 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll
[2010/03/07 20:46:51 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll
[2010/03/07 20:46:51 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll
[2010/03/07 20:46:51 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll
[2010/03/07 20:46:51 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll
[2009/08/14 18:54:53 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2010/10/02 12:05:09 | 002,359,296 | -HS- | M] () -- C:\Users\Sean\ntuser.dat
[2010/10/02 12:01:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/02 11:59:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
[2010/10/02 10:24:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/02 10:24:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/02 10:21:11 | 000,720,488 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/02 10:21:11 | 000,623,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/02 10:21:11 | 000,109,332 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/02 10:19:01 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2010/10/02 10:17:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/02 10:16:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/02 10:16:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/02 10:16:42 | 2213,449,728 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/02 05:26:14 | 002,197,520 | -H-- | M] () -- C:\Users\Sean\AppData\Local\IconCache.db
[2010/09/28 20:52:36 | 000,000,496 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Sean.job
[2010/09/23 21:44:39 | 000,000,336 | ---- | M] () -- C:\Windows\Lexstat.ini
[2010/09/17 14:47:44 | 000,009,728 | ---- | M] () -- C:\Users\Sean\Documents\Statement of Reasons.wps
[2010/09/17 14:47:44 | 000,001,888 | ---- | M] () -- C:\Users\Sean\AppData\Roaming\wklnhst.dat
[2010/09/13 03:14:02 | 000,008,704 | ---- | M] () -- C:\Users\Sean\Documents\Forum message.wps
[2010/09/08 10:01:48 | 000,000,025 | ---- | M] () -- C:\Windows\cdplayer.ini
[2010/09/08 09:58:51 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\Free Games & Music.lnk
[2010/09/08 09:58:51 | 000,001,272 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/09/08 09:58:47 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010/09/08 09:58:43 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010/09/08 09:58:43 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010/09/08 09:58:17 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2010/09/08 09:58:16 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010/09/08 09:58:16 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/09/05 20:45:12 | 000,010,240 | ---- | M] () -- C:\Users\Sean\Documents\Letter to Doctor Woolsey.wps

========== Files Created - No Company Name ==========

[2010/09/10 10:36:14 | 000,008,704 | ---- | C] () -- C:\Users\Sean\Documents\Forum message.wps
[2010/09/08 10:01:48 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/09/08 09:58:51 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\Free Games & Music.lnk
[2010/09/08 09:58:51 | 000,001,272 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/09/05 21:56:13 | 000,009,728 | ---- | C] () -- C:\Users\Sean\Documents\Statement of Reasons.wps
[2010/09/05 20:17:17 | 000,010,240 | ---- | C] () -- C:\Users\Sean\Documents\Letter to Doctor Woolsey.wps
[2010/03/17 17:47:50 | 000,001,888 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\wklnhst.dat
[2010/03/07 20:47:25 | 000,000,336 | ---- | C] () -- C:\Windows\Lexstat.ini
[2010/03/07 20:46:52 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll
[2010/03/07 20:46:52 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll
[2009/08/14 18:54:32 | 000,192,484 | ---- | C] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/03/17 17:47:51 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Template
[2010/09/06 11:45:08 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/08/14 19:30:27 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/08/05 06:44:24 | 000,003,368 | ---- | M] () \ENZ1LP03.MD5 -- C:\ENZ1LP03.MD5
[2010/10/02 10:16:42 | 2213,449,728 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/05 06:39:06 | 000,000,282 | ---- | M] () -- C:\LPCD.DAT
[2010/10/02 10:16:44 | 2951,270,400 | -HS- | M] () -- C:\pagefile.sys
[2009/08/14 18:49:37 | 000,002,035 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\Fonts\*.com >
[2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/02/07 03:03:18 | 000,307,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/02/04 19:24:12 | 000,000,221 | -HS- | M] () -- C:\Users\Sean\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/10/02 11:59:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >
[2009/02/10 20:23:42 | 000,192,484 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >

#6 Enoch

Posted 02 October 2010 - 05:17 AM

OTL Extras logfile created on: 10/2/2010 12:02:38 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Sean\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141.18 Gb Total Space | 108.43 Gb Free Space | 76.80% Space Free | Partition Type: NTFS
Drive D: | 141.18 Gb Total Space | 141.09 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SEAN-PC
Current User Name: Sean
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Lexmark 1200 Series" = Lexmark 1200 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.4 MUI
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{dcecd67a-83b9-491f-93bd-059cab7dff56}" = Nero 9 Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"MSC" = McAfee AntiVirus Plus
"NSS" = Norton Security Scan
"RealPlayer 12.0" = RealPlayer
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/22/2010 4:28:33 PM | Computer Name = Sean-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/22/2010 4:28:33 PM | Computer Name = Sean-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/22/2010 4:28:33 PM | Computer Name = Sean-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/22/2010 4:28:33 PM | Computer Name = Sean-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/22/2010 4:28:33 PM | Computer Name = Sean-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/22/2010 4:28:33 PM | Computer Name = Sean-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/22/2010 4:28:33 PM | Computer Name = Sean-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/22/2010 6:42:52 PM | Computer Name = Sean-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/22/2010 7:04:18 PM | Computer Name = Sean-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/22/2010 8:04:33 PM | Computer Name = Sean-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 9/23/2010 12:52:28 PM | Computer Name = Sean-PC | Source = DCOM | ID = 10010
Description =

Error - 9/24/2010 8:30:37 AM | Computer Name = Sean-PC | Source = DCOM | ID = 10010
Description =

Error - 9/26/2010 6:22:38 AM | Computer Name = Sean-PC | Source = DCOM | ID = 10010
Description =

Error - 9/27/2010 3:19:02 PM | Computer Name = Sean-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:17:35 on 27/09/2010 was unexpected.

Error - 9/28/2010 12:28:24 AM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7034
Description = The McAfee Scanner service terminated unexpectedly. It has done this
1 time(s).

Error - 9/28/2010 5:41:42 PM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7043
Description = The Windows Update service did not shut down properly after receiving
a preshutdown control.

Error - 9/30/2010 7:17:37 PM | Computer Name = Sean-PC | Source = DCOM | ID = 10010
Description =

Error - 9/30/2010 8:17:54 PM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Firewall service terminated with service-specific error
%%5.

Error - 9/30/2010 8:18:22 PM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 10/1/2010 11:31:23 PM | Computer Name = Sean-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 04:29:47 on 02/10/2010 was unexpected.


< End of report >

#7 Conspire

Posted 02 October 2010 - 06:05 AM

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.


#8 Enoch

Posted 02 October 2010 - 06:43 AM

Hi, I think I was able to disable the security settings on McAfee; here is the file contents:

MBRCheck, version 1.2.3
2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: Acer
System Product Name: Aspire X1301
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 191):

Processes (total 70):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ee500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000027`3a000000 (NTFS)

PhysicalDrive0 Model Number: WDC WD3200AAJS-22L7A, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 RE: Acer MBR code detected
SHA1: 3183CBF02DD9B39C5FF84F50BA2419D633E30179

Done!

Edited by Enoch, 02 October 2010 - 06:45 AM.


#9 Conspire

Conspire

    SuperHelper

  • Classroom Teacher
  • 5,407 posts

Posted 02 October 2010 - 08:42 PM

Hi,

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.)
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


===================================================

Kaspersky Online Scanner in IE

I recommend leaving your computer on for the whole night, as the scanning will take longer than you expect.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Please go to Kaspersky website and click on Kaspersky Online Scanner to perform an online scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

  • Please post this log in your next reply.

Note: For clearer guidance, here's the animated tutorial: Click here

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan. Once the scan is finished, remember to re-enable resident antivirus protection along with whatever antispyware app you use.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

===================================================

On your next reply please post :
MBAM log
Kaspersky log

Good Day!

#10 Enoch

Enoch

    Authentic Member

  • Authentic Member
  • PipPip
  • 38 posts

Posted 03 October 2010 - 02:50 AM

Hi, does McAfee Security Centre need to be disabled before I run the quick scan with Malwarebytes' Anti-Malware? I ran the scan without it being disabled; here are the results:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4735

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03/10/2010 09:41:33
mbam-log-2010-10-03 (09-41-33).txt

Scan type: Quick scan
Objects scanned: 135577
Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Does just the real-time scanner and nothing else need to be disabled before I run the Kaspersky Online Scanner?


#11 Conspire

Conspire

    SuperHelper

  • Classroom Teacher
  • 5,407 posts

Posted 03 October 2010 - 03:04 AM

If you have problems with running the scanner then you've got to disable it. Just the real time scanner.

#12 Enoch

Enoch

    Authentic Member

  • Authentic Member
  • PipPip
  • 38 posts

Posted 03 October 2010 - 05:46 AM

Here are the scan results from Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, October 3, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, October 03, 2010 05:10:15
Records in database: 4280953
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 149390
Threats found: 3
Infected objects found: 7
Suspicious objects found: 0
Scan duration: 01:47:54

File name / Threat / Threats count
C:\Users\Sean\AppData\Local\Temp\jar_cache5708339257509333731.tmp Infected: Trojan-Downloader.Java.Agent.gx 3
C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\16eb5319-209f5f01 Infected: Trojan-Downloader.Java.Agent.fe 3
C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\bd32d19-387a3326 Infected: Exploit.Java.Agent.cc 1

Selected area has been scanned.

#13 Enoch

Enoch

    Authentic Member

  • Authentic Member
  • PipPip
  • 38 posts

Posted 03 October 2010 - 06:00 AM

Here is another scan with Malwarebytes' Anti-Malware with my Real Time Scanning turned off:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4735

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03/10/2010 12:57:02
mbam-log-2010-10-03 (12-57-02).txt

Scan type: Quick scan
Objects scanned: 138407
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 Conspire

Conspire

    SuperHelper

  • Classroom Teacher
  • 5,407 posts

Posted 03 October 2010 - 10:43 AM

Hi,

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    C:\Users\Sean\AppData\Local\Temp\jar_cache5708339257509333731.tmp
    C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\16eb5319-209f5f01
    C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\bd32d19-387a3326
    
    :Commands
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
===================================================

On your next reply please post :
Fresh OTL log
OTL fix log

Good Day!
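
How the detection rows of the Kaspersky report map onto the `:Files` list of the fix above, as an added Python example (not part of the original thread and not OTL's own code). The allow-list of per-user temp and Java cache directories, the `example.dll` row and all function names are assumptions of this example; the section names and commands are copied from the post.

```python
import re
from pathlib import PureWindowsPath

# Constructed input: the three detection rows from the Kaspersky report in
# post #12, one per line, plus one made-up row outside any cache directory.
REPORT = r"""
C:\Users\Sean\AppData\Local\Temp\jar_cache5708339257509333731.tmp  Infected: Trojan-Downloader.Java.Agent.gx  3
C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\16eb5319-209f5f01  Infected: Trojan-Downloader.Java.Agent.fe  3
C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\bd32d19-387a3326  Infected: Exploit.Java.Agent.cc  1
C:\Windows\System32\example.dll  Infected: Constructed.Sample.Name  1
"""

ROW = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")

# Assumption of this example: only per-user temp and Java cache content is
# moved without a closer look; everything else is held back for manual review.
DISPOSABLE = (
    ("appdata", "local", "temp"),
    ("appdata", "locallow", "sun", "java", "deployment", "cache"),
)

def parse_report(text):
    """Return (path, threat, count) tuples for every detection row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((PureWindowsPath(m["path"]), m["threat"], int(m["count"])))
    return rows

def is_disposable(path):
    """True only for files inside a DISPOSABLE directory of a user profile."""
    parts = [p.lower() for p in path.parts]
    # Expected shape: <drive>, "Users", <profile name>, then the directory.
    if len(parts) < 4 or parts[1] != "users" or ".." in parts:
        return False
    rest = tuple(parts[3:])
    return any(len(rest) > len(d) and rest[:len(d)] == d for d in DISPOSABLE)

def build_fix(rows):
    """Return (fix script text, paths held back for manual review)."""
    safe = [str(p) for p, _, _ in rows if is_disposable(p)]
    review = [str(p) for p, _, _ in rows if not is_disposable(p)]
    # Section names and commands are copied from the fix posted in the thread.
    lines = [":Files", *safe, "", ":Commands", "[emptytemp]", "[emptyflash]", "[Reboot]"]
    return "\n".join(lines), review

if __name__ == "__main__":
    script, review = build_fix(parse_report(REPORT))
    print(script)
    print("Manual review:", review)
```
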

#15 Enoch

Enoch

    Authentic Member

  • Authentic Member
  • PipPip
  • 38 posts

Posted 03 October 2010 - 01:32 PM

Hi, here it is:

All processes killed
========== FILES ==========
C:\Users\Sean\AppData\Local\Temp\jar_cache5708339257509333731.tmp moved successfully.
C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\16eb5319-209f5f01 moved successfully.
C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\bd32d19-387a3326 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Sean
->Temp folder emptied: 244437924 bytes
->Temporary Internet Files folder emptied: 125774898 bytes
->Java cache emptied: 617181 bytes
->Flash cache emptied: 120374 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10812079 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes
RecycleBin emptied: 23898 bytes

Total Files Cleaned = 364.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Sean
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.14.1 log created on 10032010_202445

Files\Folders moved on Reboot...
C:\Users\Sean\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Sean\AppData\Local\Temp\~DF0213F19AF72654F7.TMP not found!
File\Folder C:\Users\Sean\AppData\Local\Temp\~DF154B5761FF9EA730.TMP not found!
File\Folder C:\Users\Sean\AppData\Local\Temp\~DF5D985F45FD99AC7E.TMP not found!
File\Folder C:\Users\Sean\AppData\Local\Temp\~DF7F911C8854F93128.TMP not found!
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GCVVO8DA\ads[1].htm moved successfully.
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B2HMNJXG\ads[2].htm moved successfully.
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B2HMNJXG\index[1].htm moved successfully.
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5NTITVBB\iframe[1].htm moved successfully.
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5NTITVBB\like[1].htm moved successfully.
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39ONQBV4\iframescript[1].htm moved successfully.
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...
