Jump to content

MJ1980

Members
  • Posts

    15
  • Joined

  • Last visited

Everything posted by MJ1980

  1. Cheers very much for all your help and for fixing my computer so quickly.

    Top class advisor!

    Kind Regards,

    MJ

  2. Hi Kahdah, I have now completed all the steps. My computer like I said previously is running like new! I understand that you did mention that the procedures do not mean that it will now be 100% secure but I don't have any private info on it and don't use it for any Financial transactions whatsoever. I just want to say a very big THANK YOU for all your help. You are a Superstar.
  3. Kahdah, I have now completed everything you have suggested and my laptop is running like a dream. In fact it hasn't been operating this well for years! Is this the last of the steps now?
  4. Hi, I can't find this file path anywhere. It goes as far as C:\Users\Public\....but no documents folder, just Public Documents and in that file there is no 'Server' This you can see below. Please advise Thank you.
  5. Hi, Here it is pasted below: OTL logfile created on: 12/10/2010 19:10:49 - Run 2 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Margie\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 51.14 Gb Total Space | 20.38 Gb Free Space | 39.84% Space Free | Partition Type: NTFS Drive D: | 50.89 Gb Total Space | 44.73 Gb Free Space | 87.91% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MARGIE-PC Current User Name: Margie Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Margie\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) PRC - C:\Acer\ALaunch\ALaunchSvc.exe () PRC - C:\Acer\Mobility Center\MobilityService.exe () PRC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) ========== Modules (SafeList) ========== MOD - C:\Users\Margie\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe () SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\Margie\AppData\Local\Temp\catchme.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys () DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.) DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.) DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin) -- C:\Windows\System32\drivers\BLKWGU.sys (Belkin Corporation) DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10 FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 12:13:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/17 10:59:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 10:59:56 | 000,000,000 | ---D | M] [2009/03/10 22:23:58 | 000,000,000 | ---D | M] -- C:\Users\Margie\AppData\Roaming\Mozilla\Extensions [2009/03/10 22:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Margie\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2010/10/12 18:28:25 | 000,000,000 | ---D | M] -- C:\Users\Margie\AppData\Roaming\Mozilla\Firefox\Profiles\447ur75w.default\extensions [2010/08/05 12:03:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Margie\AppData\Roaming\Mozilla\Firefox\Profiles\447ur75w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/10/12 18:28:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/09/17 10:59:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/12/20 23:01:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010/09/17 10:59:53 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2010/09/17 10:59:53 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2009/12/20 23:00:43 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2010/09/17 10:59:54 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2010/09/09 17:37:47 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2010/09/09 17:37:47 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2010/09/09 17:37:47 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2010/09/09 17:37:47 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2010/09/09 17:37:47 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2010/09/09 17:37:47 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2010/09/09 17:37:47 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2010/09/09 17:37:47 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2010/10/10 19:31:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found. O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.113.164.5 212.113.164.6 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/10/12 13:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010/10/12 11:24:39 | 000,000,000 | ---D | C] -- C:\_OTL [2010/10/10 19:44:51 | 000,000,000 | ---D | C] -- C:\Users\Margie\AppData\Local\temp [2010/10/10 19:32:54 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2010/10/10 19:27:46 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010/10/10 17:06:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010/10/09 20:44:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010/10/09 20:44:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010/10/09 20:44:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010/10/09 20:44:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010/10/09 20:43:38 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/10/06 20:47:49 | 000,000,000 | ---D | C] -- C:\Users\Margie\AppData\Roaming\SUPERAntiSpyware.com [2010/10/06 20:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010/10/06 20:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2010/10/03 17:33:43 | 000,000,000 | ---D | C] -- C:\Users\Margie\Desktop\Epson Printer [2010/10/03 17:24:22 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL [2010/10/03 17:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software [2010/10/03 17:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0 Sprint [2010/10/03 17:20:45 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK2.dll [2010/10/03 17:20:45 | 000,120,992 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EpPicPrt.dll [2010/10/03 17:20:45 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICEntry.dll [2010/10/03 17:20:45 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK.dll [2010/10/03 17:20:45 | 000,071,840 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EPPicMgr.dll [2010/10/03 17:20:01 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\E_DCINST.DLL [2010/10/03 17:19:55 | 000,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FLBFCE.DLL [2010/10/03 17:19:53 | 000,078,848 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FD4BFCE.DLL [2010/10/03 17:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON [2010/10/03 17:18:59 | 000,342,016 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\eswiaud.dll [2010/10/03 17:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\epson [2010/10/01 15:36:20 | 000,000,000 | ---D | C] -- C:\Users\Margie\AppData\Roaming\Malwarebytes [2010/10/01 15:36:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/10/01 15:35:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/10/01 15:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/10/01 15:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/10/01 00:24:53 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server [2008/03/10 22:37:59 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2008/03/10 22:37:59 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2007/07/26 02:02:54 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll [2004/11/24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll ========== Files - Modified Within 30 Days ========== [2010/10/12 19:10:46 | 002,883,584 | -HS- | M] () -- C:\Users\Margie\ntuser.dat [2010/10/12 19:07:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/10/12 19:07:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/10/12 13:08:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/10/12 11:26:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/10/12 11:25:09 | 000,524,288 | -HS- | M] () -- C:\Users\Margie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010/10/12 11:25:09 | 000,065,536 | -HS- | M] () -- C:\Users\Margie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010/10/12 11:22:47 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/10/12 11:22:47 | 000,603,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/10/12 11:22:47 | 000,106,696 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/10/11 23:12:54 | 001,659,669 | -H-- | M] () -- C:\Users\Margie\AppData\Local\IconCache.db [2010/10/10 19:33:36 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010/10/10 19:31:52 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010/10/10 16:02:52 | 003,876,688 | R--- | M] () -- C:\Users\Margie\Desktop\ComboFix.exe [2010/10/09 19:41:14 | 000,241,152 | ---- | M] () -- C:\Users\Margie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/10/09 16:33:51 | 000,001,356 | ---- | M] () -- C:\Users\Margie\AppData\Local\d3d9caps.dat [2010/10/06 20:47:13 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010/10/01 15:36:06 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/10/01 00:29:25 | 000,000,038 | ---- | M] () -- C:\Windows\AviSplitter.INI ========== Files Created - No Company Name ========== [2010/10/09 20:44:51 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010/10/09 20:44:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010/10/09 20:44:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010/10/09 20:44:51 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010/10/09 20:44:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010/10/09 20:20:46 | 003,876,688 | R--- | C] () -- C:\Users\Margie\Desktop\ComboFix.exe [2010/10/06 20:47:13 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010/10/03 17:20:45 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2010/10/03 17:20:45 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2010/10/03 17:20:45 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2010/10/03 17:20:45 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2010/10/03 17:20:45 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2010/10/03 17:20:45 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2010/10/03 17:20:45 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2010/10/03 17:20:45 | 000,013,732 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg [2010/10/03 17:20:45 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010/10/03 17:20:45 | 000,006,442 | ---- | C] () -- C:\Windows\System32\EPPICLocal_IT.cfg [2010/10/03 17:20:45 | 000,006,335 | ---- | C] () -- C:\Windows\System32\EPPICLocal_GE.cfg [2010/10/03 17:20:45 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg [2010/10/03 17:20:45 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg [2010/10/03 17:20:45 | 000,006,122 | ---- | C] () -- C:\Windows\System32\EPPICLocal_DU.cfg [2010/10/03 17:20:45 | 000,006,103 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg [2010/10/03 17:20:45 | 000,005,817 | ---- | C] () -- C:\Windows\System32\EPPICLocal_KO.cfg [2010/10/03 17:20:45 | 000,005,436 | ---- | C] () -- C:\Windows\System32\EPPICLocal_SC.cfg [2010/10/03 17:20:45 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2010/10/03 17:20:45 | 000,002,889 | ---- | C] () -- C:\Windows\System32\EPPICLocal_RU.cfg [2010/10/03 17:20:45 | 000,002,426 | ---- | C] () -- C:\Windows\System32\EPPICLocal_TC.cfg [2010/10/03 17:20:45 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2010/10/03 17:20:45 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2010/10/03 17:20:45 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010/10/03 17:20:45 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2010/10/03 17:20:45 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2010/10/03 17:20:45 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2010/10/03 17:20:45 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2010/10/03 17:20:45 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2010/10/03 17:20:45 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010/10/03 17:20:45 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010/10/03 17:20:44 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg [2010/10/03 17:20:44 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg [2010/10/01 15:36:06 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/03/09 17:56:36 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2009/06/08 23:01:00 | 000,021,080 | ---- | C] () -- C:\Users\Margie\AppData\Roaming\UserTile.png [2008/08/08 12:57:15 | 000,001,356 | ---- | C] () -- C:\Users\Margie\AppData\Local\d3d9caps.dat [2008/08/04 18:28:31 | 000,241,152 | ---- | C] () -- C:\Users\Margie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/07/08 22:30:35 | 000,000,520 | ---- | C] () -- C:\Users\Margie\AppData\Roaming\wklnhst.dat [2008/07/05 11:14:48 | 000,456,192 | ---- | C] () -- C:\Windows\System32\libmplayer.dll [2008/07/05 11:14:44 | 003,591,168 | ---- | C] () -- C:\Windows\System32\libavcodec.dll [2008/07/05 11:13:16 | 000,708,096 | ---- | C] () -- C:\Windows\System32\ff_x264.dll [2008/06/22 17:34:00 | 000,177,664 | ---- | C] () -- C:\Windows\System32\ff_theora.dll [2008/06/13 11:39:38 | 000,023,552 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll [2008/06/12 18:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008/03/10 23:20:15 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008/03/10 23:20:05 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI [2008/03/10 23:19:58 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2007/07/26 17:15:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007/07/26 03:44:56 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007/07/26 03:44:56 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007/07/26 02:02:57 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007/07/26 02:02:57 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007/07/26 02:02:57 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll [2007/07/26 02:02:54 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007/07/10 16:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005/07/12 13:44:42 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL [2004/10/03 17:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll [2004/03/23 15:38:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll [2001/12/27 00:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001/09/04 07:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001/07/31 00:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001/07/24 06:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll < End of report > Thank you.
  6. Here it is: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=af52f7e84d7a8948ba300e15870f4ff1 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2010-10-12 03:07:30 # local_time=2010-10-12 04:07:30 (+0000, GMT Daylight Time) # country="United Kingdom" # lang=9 # osver=6.0.6001 NT Service Pack 1 # compatibility_mode=1797 16775165 100 94 4607 59540382 63543 0 # compatibility_mode=5892 16776573 100 100 328719 124418595 0 0 # compatibility_mode=8192 67108863 100 0 178 178 0 0 # scanned=148808 # found=5 # cleaned=5 # scan_time=10183 C:\Program Files\Acer GameZone\Jewel Quest Solitaire\aJewelQuestSolitaire.exe Win32/Agent.RKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\[4]-Submit_2010-10-10_18.43.43.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Windows\system32\Drivers\ssmdrv.sys.vir Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\10122010_112439\c_windows\system32\drivers\lmdhqmcl.sys a variant of Win32/Bubnix.BB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C Please note that after the scan I have not clicked finish as I wasn't sure If I had to check the boxes at the bottom. Please see the print screen attached. Thank you.
  7. Hi there, Please find the logs pasted below as requested: OTL: All processes killed ========== SERVICES/DRIVERS ========== Service 1e62ab55fc84d9f8 stopped successfully! Service 1e62ab55fc84d9f8 deleted successfully! Service 7e126a7de2247c2b stopped successfully! Service 7e126a7de2247c2b deleted successfully! Service b18c9a99bc6f5291 stopped successfully! Service b18c9a99bc6f5291 deleted successfully! Service b7202cb9d615f1fd stopped successfully! Service b7202cb9d615f1fd deleted successfully! ========== FILES ========== c:\windows\system32\drivers\lmdhqmcl.sys moved successfully. File\Folder c:\windows\system32\drivers\vntkmsam.sys not found. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\system\ControlSet001\Services\1e62ab55fc84d9f8\ not found. Registry key HKEY_LOCAL_MACHINE\system\ControlSet001\Services\7e126a7de2247c2b\ not found. Registry key HKEY_LOCAL_MACHINE\system\ControlSet001\Services\b18c9a99bc6f5291\ not found. Registry key HKEY_LOCAL_MACHINE\system\ControlSet001\Services\b7202cb9d615f1fd\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Margie ->Temp folder emptied: 835261 bytes ->Temporary Internet Files folder emptied: 2867180 bytes ->Java cache emptied: 51416827 bytes ->FireFox cache emptied: 47759490 bytes ->Flash cache emptied: 12580016 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1264 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 110.00 mb OTL by OldTimer - Version 3.2.14.1 log created on 10122010_112439 Files\Folders moved on Reboot... Registry entries deleted on Reboot... MBAM: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4799 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 12/10/2010 11:43:00 mbam-log-2010-10-12 (11-43-00).txt Scan type: Quick scan Objects scanned: 141827 Time elapsed: 11 minute(s), 10 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Thank you.
  8. Hi, I re did the steps and ComboFix produced the attached log. Thanks.
  9. Sorry if I am being dumb It did reboot when I initially dragged the notepad txt onto the icon and the only log I THINK it created is the following: -------- 2010-10-09 - 20:44:35 ------------- -------- 2010-10-09 - 20:52:02 ------------- error: 31 The above log I found in C:\Quoobox\Quarantine and saved as Catchme.log Also, I cannot find any file in the C:\ with the name Combofix
  10. Ah! Okay...here it is: ComboFix 10-10-09.01 - Margie 09/10/2010 20:55:03.1.1 - x86 Microsoft
  11. Btw, after I dragged the CFScript.txt onto the icon it did not say 'ComboFix needs to upload some files' I did the steps by going Navigating to C:\Qoobox\Quarantine\[4]-Submit_Date_Time.zip BUT could not find it. I clicked on the link you provided but it just directed me to Bleeping Computer website to register. So not sure if I have done the right thing?
  12. Hi, Here is the log as requested. The file name is ComboFix-quarantined-files.txt....Hope it is the log you require: 2010-10-09 20:17:54 . 2010-10-09 20:17:54 842 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SetPanel.reg.dat 2010-10-09 20:17:47 . 2010-10-09 20:17:47 922 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-QuickTime Task.reg.dat 2010-10-09 20:16:37 . 2010-10-09 20:16:37 854 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-ALaunch.reg.dat 2010-10-09 20:15:46 . 2010-10-09 20:15:46 103 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-eRecoveryService.reg.dat 2010-10-09 20:15:42 . 2010-10-09 20:15:42 96 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Acer Tour.reg.dat 2010-10-09 20:15:33 . 2010-10-09 20:15:33 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Acer Tour Reminder.reg.dat 2010-10-09 20:04:56 . 2010-10-09 20:04:56 11,730 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2010-10-09 19:44:34 . 2010-10-09 19:55:02 113 ----a-w- C:\Qoobox\Quarantine\catchme.log 2010-01-24 19:27:55 . 2009-05-11 09:12:24 28,520 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\Drivers\ssmdrv.sys.vir Thanks!
  13. Hi again, As always thanks again for your quick reply. Since I don't use my laptop for any Internet Banking, I didn't go down the route of a reformat as you suggested as one of the options. I have deleted and backed up any sensitive info and ran the ComboFix.exe I have attached the log as requested. I understand that it has not necessarily 'cleaned' my system 100%. Is there anything else now I should be doing or looking out for? I appreciate your time. ComboFix.txt
  14. Hi, first of all thanks very much for your reply. I followed your instructions and pasted everything below but when I sent it, I was told it was too long. Therefore, I have attached all the requested files instead. There was indeed lots of data. In regards to the Rootkit Unhooker, I downloaded and ran it and it scanned the Drivers and Stealth Code but when it prompted me to scan the C:/ drive it did not do anything for hours. I have attached a screen shot of how it was left for at least 4 hours by which time I cancelled the scan. Then it proceeded to scan the Code Hooks and then gave the report that I have also attached. So, am not sure if I will have to run it again as the Files did not get scanned by RkU. Please advise on next step and thanks again very much for your help. OTL.Txt Extras.Txt RkU_Report.txt
  15. Hello, I have recently been infected with various Trojans and malware and have been able to successfully delete most of them with the malwarebytes download. This was about 3 days ago. However, there is a persistant one that I cannot remove. Yesterday I downloaded and scanned with Superantispyware and it found 95 threats! I deleted them but this Morning my laptop is running at snails pace once again and my Avira AntiVirius is detecting the TR/Crypt.Epack.Gen2. I have Windows Vista Home Premium. I would greatly appreciate any help you can give me on removing this. My laptop is running so slowly it had taken me no less than 4 hours just to register on this site and post this message. I am no computer whizz therefore, step by step instructions for computer dummies would be helpful. Thanks very much in advance.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.