DHL virus email zip


#1
allanon123

Hi All,
I was actually waiting for a package from DHL. When this email came in I did not think it wasn't real. Ran a virus scan before opening, it said it was clean. Only when I clicked on to see the document delivery did I notice it was a zip file. Instantly my machine went funny, with my desktop showing a Windows 7 Recovery icon and seemingly running scans on my machine. Then a download for Adobe popped up and wouldn't go off the screen. Eventually I turned off my computer. When I started it up again the icons and Adobe were still there. I need the machine for a lot of business and money (credit card transactions). I didn't want to take any risks so I installed Windows 7 again. However, I did notice that it actually keeps a copy of the old system in a folder called windows old. Could the virus still be there? I have run a McAfee full scan and it just came up with 2 cookies and deleted them. How can I tell if it's gone? If I use any financial details these may be stolen and I'm up the creek. I'm even afraid to buy a malware or spyware system online because of having to enter my details. Is there a way around this? I enclose the OTL log, and it also gave me an extra.txt (don't know what that's about).

Here's the OTL

OTL logfile created on: 6/3/2011 5:10:46 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\john\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.12 Mb Total Physical Memory | 449.25 Mb Available Physical Memory | 43.95% Memory free
2.00 Gb Paging File | 1.15 Gb Available in Paging File | 57.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.41 Gb Total Space | 58.98 Gb Free Space | 79.27% Space Free | Partition Type: NTFS

Computer Name: JOHN-PC | User Name: john | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/03 17:09:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\john\Desktop\OTL.exe
PRC - [2011/06/03 00:13:06 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2011/05/02 15:09:18 | 001,306,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (SafeList) ==========

MOD - [2011/06/03 17:09:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\john\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/03 10:47:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/03/17 16:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,337,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/03/13 11:20:10 | 000,179,248 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/03/13 11:20:10 | 000,163,400 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/03/13 11:20:10 | 000,085,984 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/03/13 11:20:10 | 000,064,648 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/03/13 11:20:10 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 DD E8 2C 55 21 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/06/02 20:01:56 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110602195457.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7ea6226f-8d83-11e0-8a27-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7ea6226f-8d83-11e0-8a27-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/03 17:09:53 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\john\Desktop\OTL.exe
[2011/06/03 16:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/03 16:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/06/03 16:45:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2011/06/03 03:47:29 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/06/03 02:51:34 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/06/03 02:48:53 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/06/03 00:13:12 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Roaming\Macromedia
[2011/06/03 00:13:12 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Roaming\Adobe
[2011/06/03 00:13:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/06/03 00:10:30 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Roaming\RegistryKeys
[2011/06/02 19:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
[2011/06/02 19:55:49 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Online Backup
[2011/06/02 19:55:46 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\Windows\System32\drivers\MOBK.sys
[2011/06/02 19:55:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/06/02 19:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2011/06/02 19:55:35 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/06/02 19:54:55 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2011/06/02 19:54:07 | 000,337,912 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2011/06/02 19:54:07 | 000,179,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2011/06/02 19:54:07 | 000,163,400 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2011/06/02 19:54:07 | 000,085,984 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2011/06/02 19:54:07 | 000,064,648 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2011/06/02 19:54:07 | 000,059,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2011/06/02 19:54:07 | 000,057,432 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2011/06/02 19:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2011/06/02 19:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/06/02 19:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/06/02 19:47:46 | 000,148,520 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2011/06/02 19:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/06/02 19:04:52 | 000,000,000 | R--D | C] -- C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/06/02 19:04:52 | 000,000,000 | R--D | C] -- C:\Users\john\Searches
[2011/06/02 19:04:52 | 000,000,000 | R--D | C] -- C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/06/02 19:04:52 | 000,000,000 | -H-D | C] -- C:\Users\john\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/06/02 19:04:35 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Roaming\Identities
[2011/06/02 19:04:32 | 000,000,000 | R--D | C] -- C:\Users\john\Contacts
[2011/06/02 19:04:24 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Local\VirtualStore
[2011/06/02 19:04:22 | 000,000,000 | -HSD | C] -- C:\Users\john\AppData\Local\Temporary Internet Files
[2011/06/02 19:04:22 | 000,000,000 | -HSD | C] -- C:\Users\john\Templates
[2011/06/02 19:04:22 | 000,000,000 | -HSD | C] -- C:\Users\john\Start Menu
[2011/06/02 19:04:22 | 000,000,000 | -HSD | C] -- C:\Users\john\SendTo
[2011/06/02 19:04:22 | 000,000,000 | -HSD | C] -- C:\Users\john\Recent
[2011/06/02 19:04:22 | 000,000,000 | -HSD | C] -- C:\Users\john\PrintHood
[2011/06/02 19:04:22 | 000,000,000 | -HSD | C] -- C:\Users\john\NetHood
[2011/06/02 19:04:22 | 000,000,000 | -HSD | C] -- C:\Users\john\Documents\My Videos
[2011/06/02 19:04:22 | 000,000,000 | -HSD | C] -- C:\Users\john\Documents\My Pictures
[2011/06/02 19:04:22 | 000,000,000 | -HSD | C] -- C:\Users\john\Documents\My Music
[2011/06/02 19:04:22 | 000,000,000 | -HSD | C] -- C:\Users\john\My Documents
[2011/06/02 19:04:22 | 000,000,000 | -HSD | C] -- C:\Users\john\Local Settings
[2011/06/02 19:04:22 | 000,000,000 | -HSD | C] -- C:\Users\john\AppData\Local\History
[2011/06/02 19:04:22 | 000,000,000 | -HSD | C] -- C:\Users\john\Cookies
[2011/06/02 19:04:22 | 000,000,000 | -HSD | C] -- C:\Users\john\Application Data
[2011/06/02 19:04:22 | 000,000,000 | -HSD | C] -- C:\Users\john\AppData\Local\Application Data
[2011/06/02 19:04:21 | 000,000,000 | --SD | C] -- C:\Users\john\AppData\Roaming\Microsoft
[2011/06/02 19:04:21 | 000,000,000 | R--D | C] -- C:\Users\john\Videos
[2011/06/02 19:04:21 | 000,000,000 | R--D | C] -- C:\Users\john\Saved Games
[2011/06/02 19:04:21 | 000,000,000 | R--D | C] -- C:\Users\john\Pictures
[2011/06/02 19:04:21 | 000,000,000 | R--D | C] -- C:\Users\john\Music
[2011/06/02 19:04:21 | 000,000,000 | R--D | C] -- C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/06/02 19:04:21 | 000,000,000 | R--D | C] -- C:\Users\john\Links
[2011/06/02 19:04:21 | 000,000,000 | R--D | C] -- C:\Users\john\Favorites
[2011/06/02 19:04:21 | 000,000,000 | R--D | C] -- C:\Users\john\Downloads
[2011/06/02 19:04:21 | 000,000,000 | R--D | C] -- C:\Users\john\My Documents
[2011/06/02 19:04:21 | 000,000,000 | R--D | C] -- C:\Users\john\Desktop
[2011/06/02 19:04:21 | 000,000,000 | R--D | C] -- C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/06/02 19:04:21 | 000,000,000 | -H-D | C] -- C:\Users\john\AppData
[2011/06/02 19:04:21 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Local\Temp
[2011/06/02 19:04:21 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Local\Microsoft
[2011/06/02 19:04:21 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2011/06/03 17:09:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\john\Desktop\OTL.exe
[2011/06/03 16:55:27 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/03 16:55:27 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/03 16:49:20 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2011/06/03 16:48:39 | 000,012,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 16:48:39 | 000,012,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 16:47:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/03 16:47:51 | 000,266,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/03 16:47:18 | 803,827,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/03 10:40:54 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/06/03 10:40:54 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/06/03 09:24:06 | 000,000,000 | ---- | M] () -- C:\Users\john\defogger_reenable
[2011/06/03 03:47:17 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/06/03 02:52:53 | 000,041,962 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/06/03 02:51:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2011/06/02 19:44:55 | 000,001,407 | ---- | M] () -- C:\Users\john\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2011/06/03 10:40:54 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/06/03 10:40:54 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/06/03 09:24:06 | 000,000,000 | ---- | C] () -- C:\Users\john\defogger_reenable
[2011/06/03 02:52:38 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/06/03 02:52:29 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/06/03 02:51:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2011/06/02 19:56:46 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2011/06/02 19:44:55 | 000,001,407 | ---- | C] () -- C:\Users\john\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/02 19:04:54 | 000,001,413 | ---- | C] () -- C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/06/02 19:04:22 | 000,000,290 | ---- | C] () -- C:\Users\john\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/06/02 19:04:21 | 000,000,272 | ---- | C] () -- C:\Users\john\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,266,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,615,360 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,103,702 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/06/03 00:10:30 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\RegistryKeys
[2009/07/14 05:53:46 | 000,002,352 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

And here's the extras
OTL Extras logfile created on: 6/3/2011 5:10:46 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\john\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.12 Mb Total Physical Memory | 449.25 Mb Available Physical Memory | 43.95% Memory free
2.00 Gb Paging File | 1.15 Gb Available in Paging File | 57.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.41 Gb Total Space | 58.98 Gb Free Space | 79.27% Space Free | Partition Type: NTFS

Computer Name: JOHN-PC | User Name: john | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ESET Online Scanner" = ESET Online Scanner v3
"MSC" = McAfee Internet Security

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/2/2011 2:56:12 PM | Computer Name = john-PC | Source = VSS | ID = 8194
Description =

Error - 6/2/2011 6:55:01 PM | Computer Name = john-PC | Source = VSS | ID = 8194
Description =

Error - 6/2/2011 7:55:24 PM | Computer Name = john-PC | Source = VSS | ID = 8194
Description =

Error - 6/3/2011 3:35:03 AM | Computer Name = john-PC | Source = VSS | ID = 8194
Description =

Error - 6/3/2011 11:50:30 AM | Computer Name = john-PC | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 6/2/2011 6:42:13 PM | Computer Name = john-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 6/2/2011 6:43:32 PM | Computer Name = john-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 6/2/2011 6:43:55 PM | Computer Name = john-PC | Source = DCOM | ID = 10005
Description =

Error - 6/2/2011 6:44:12 PM | Computer Name = john-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 6/2/2011 6:44:13 PM | Computer Name = john-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 6/2/2011 6:44:13 PM | Computer Name = john-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 6/2/2011 6:44:13 PM | Computer Name = john-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 6/3/2011 5:30:52 AM | Computer Name = john-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 6/3/2011 11:46:12 AM | Computer Name = john-PC | Source = Application Popup | ID = 877
Description = There was error [DATABASE OPEN FAILED] processing the driver database.

Error - 6/3/2011 11:49:13 AM | Computer Name = john-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%16405


< End of report >

Any help greatly appreciated

Allanon123