Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Can't connect to network after removing Antimalware Doctor

Started by togatown , Oct 25 2010 02:39 PM

  • This topic is locked This topic is locked

#1
togatown
Posted 25 October 2010 - 02:39 PM

togatown

    Member

  • Member
  • PipPip
  • 34 posts
I am running Windows XP Professional and manually removed all the Antimalware Doctor files from my machine and removed all related registry keys as well.

My computer seems to be running fine and no sign of the virus anymore but my machine will not connect to the internet - have tried both wireless connection and hardwired connection. It recognizes the wireless networks that are available but hangs when trying to acquire an IP address.

I ensured that I'm not using a proxy server and have tried the winsock reset as well as ip reset.

Any ideas?
  • 0

Advertisements

#2
Essexboy
Posted 25 October 2010 - 02:44 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi Catbyte has worked out a little routine which in the majority of cases cures the problem

Launch Notepad (Start>All Programs>Accessories), and copy/paste all the Quoted REGEDIT below to it. Don't forget to include REGEDIT4.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock]
[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2]


On the desktop, doubleclick fix.reg and allow it to run. Let it merge


After the reboot, we will reinstall TCP/IP
  • Go to Start the Settings and choose Network Connections
  • Right click on your normal connection icon, and choose Properties
  • Click the Install button
  • Choose Protocol then click Add
  • Click Have disk
  • In the drop down box, type in: C:\WINDOWS\INF and click OK
  • In the next dialog, click Internet Protocol (TCP/IP) then click OK
  • Click Close to leave the properties box
After that, Reboot your computer and see if you have regained your connection.

Could you also include an OTS scan as well for me to check out

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Select All Users
  • Under additional scans select the following
    Reg - NetSvcs
    Reg - Shell Spawning
    Evnt - EventViewer Logs (Last 10 Errors)
    File - Lop Check
    File - Purity Scan
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please attach the log in your next post.

  • 0

#3
togatown
Posted 25 October 2010 - 05:49 PM

togatown

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
I ran the fixme.reg file and rebooted. Then reinstalled the TCP/IP and rebooted again. Still recognizes the wireless networks but won't connect. Just tries to renew the IP address but never does.

I also feel like there may still be some kind of malware or virus on the machine. I installed Ad-Aware since getting the initial Antimalware Doctor virus becuase I was concerned that Symantec Endpoint Protection didn't pick it up. My machine has been very slow to boot now or at least to give me the wireless config icon in my system tray. I just received a popup from Ad-Aware saying that it blocked a process and detected a virus. See below for a log of the blocked processes as well as the OTS scan you requested.

I am using a different machine to post with since I have not internet access with my other machine.

MSG [5864] 2010/10/22 21:37:02: C:\docume~1\owner\locals~1\temp\cfz.exe (diagnosis: Malware family: VirTool.Win32.Obfuscator.hg!b (v)) => Block
MSG [1024] 2010/10/22 21:42:02: C:\docume~1\owner\locals~1\temp\cf4.exe (diagnosis: Malware family: VirTool.Win32.Obfuscator.hg!b (v)) => Block
MSG [0744] 2010/10/22 22:37:01: C:\docume~1\owner\locals~1\temp\cfz.exe (diagnosis: Malware family: VirTool.Win32.Obfuscator.hg!b (v)) => Block
MSG [5292] 2010/10/22 22:42:01: C:\docume~1\owner\locals~1\temp\cf4.exe (diagnosis: Malware family: VirTool.Win32.Obfuscator.hg!b (v)) => Block
MSG [5536] 2010/10/25 18:37:00: C:\docume~1\owner\locals~1\temp\cfz.exe (diagnosis: Malware family: VirTool.Win32.Obfuscator.hg!b (v)) => Block
MSG [5904] 2010/10/25 18:42:00: C:\docume~1\owner\locals~1\temp\cf4.exe (diagnosis: Malware family: VirTool.Win32.Obfuscator.hg!b (v)) => Block
MSG [3844] 2010/10/25 19:37:01: C:\docume~1\owner\locals~1\temp\cfz.exe (diagnosis: Malware family: VirTool.Win32.Obfuscator.hg!b (v)) => Block
MSG [1432] 2010/10/25 19:42:00: C:\docume~1\owner\locals~1\temp\cf4.exe (diagnosis: Malware family: VirTool.Win32.Obfuscator.hg!b (v)) => Block

OTS logfile created on: 10/25/2010 7:41:27 PM - Run 2
OTS by OldTimer - Version 3.1.40.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 112.37 Gb Free Space | 37.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: OEM-3414B23E485
Current User Name: Owner
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2010/10/25 18:29:30 | 000,641,536 | ---- | M] (OldTimer Tools)
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/09/23 03:46:07 | 001,355,928 | ---- | M] (Lavasoft)
aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2010/09/23 03:46:07 | 000,864,624 | ---- | M] (Lavasoft)
stacsv.exe -> C:\WINDOWS\system32\stacsv.exe -> [2009/07/21 16:58:55 | 000,094,208 | ---- | M] (SigmaTel, Inc.)
awc.exe -> C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe -> [2009/06/30 09:55:40 | 002,329,224 | ---- | M] (IObit)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
rtvscan.exe -> C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -> [2007/12/18 21:08:08 | 002,189,240 | ---- | M] (Symantec Corporation)
smcgui.exe -> C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe -> [2007/12/18 19:03:10 | 001,643,904 | ---- | M] (Symantec Corporation)
smc.exe -> C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -> [2007/12/18 19:03:08 | 002,569,600 | ---- | M] (Symantec Corporation)
quickset.exe -> C:\Program Files\Dell\QuickSet\quickset.exe -> [2007/12/10 18:06:18 | 001,228,800 | ---- | M] (Dell Inc.)
ccapp.exe -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe -> [2007/11/09 15:15:34 | 000,115,560 | ---- | M] (Symantec Corporation)
ccsvchst.exe -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> [2007/11/09 15:15:18 | 000,108,392 | ---- | M] (Symantec Corporation)
dellwmgr.exe -> C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe -> [2007/07/27 16:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.)
cvpnd.exe -> C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -> [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.)
oem02mon.exe -> C:\WINDOWS\OEM02Mon.exe -> [2007/05/10 02:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.)
iviregmgr.exe -> C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -> [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo)
hpztsb10.exe -> C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe -> [2004/03/04 10:46:24 | 000,172,032 | ---- | M] (HP)
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2010/10/25 18:29:30 | 000,641,536 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
sysfer.dll -> C:\WINDOWS\system32\sysfer.dll -> [2007/12/18 19:04:08 | 000,329,088 | ---- | M] (Symantec Corporation)
 
[Win32 Services - Safe List]
(HidServ) Human Interface Device Access [Disabled | Stopped] -> C:\WINDOWS\System32\hidserv.dll -> File not found
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/09/23 03:46:07 | 001,355,928 | ---- | M] (Lavasoft)
(STacSV) SigmaTel Audio Service [Auto | Running] -> C:\WINDOWS\system32\stacsv.exe -> [2009/07/21 16:58:55 | 000,094,208 | ---- | M] (SigmaTel, Inc.)
(RoxMediaDB10) RoxMediaDB10 [On_Demand | Stopped] -> C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -> [2008/04/08 08:12:50 | 001,112,560 | ---- | M] (Sonic Solutions)
(Symantec AntiVirus) Symantec Endpoint Protection [Auto | Running] -> C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -> [2007/12/18 21:08:08 | 002,189,240 | ---- | M] (Symantec Corporation)
(SNAC) Symantec Network Access Control [On_Demand | Stopped] -> C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -> [2007/12/18 19:04:36 | 000,234,888 | ---- | M] (Symantec Corporation)
(SmcService) Symantec Management Client [Auto | Running] -> C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -> [2007/12/18 19:03:08 | 002,569,600 | ---- | M] (Symantec Corporation)
(ccSetMgr) Symantec Settings Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> [2007/11/09 15:15:18 | 000,108,392 | ---- | M] (Symantec Corporation)
(ccEvtMgr) Symantec Event Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> [2007/11/09 15:15:18 | 000,108,392 | ---- | M] (Symantec Corporation)
(LiveUpdate) LiveUpdate [On_Demand | Stopped] -> C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -> [2007/08/11 20:05:27 | 003,093,872 | ---- | M] (Symantec Corporation)
(CVPND) Cisco Systems, Inc. VPN Service [Auto | Running] -> C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -> [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.)
(IviRegMgr) IviRegMgr [Auto | Running] -> C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -> [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo)
 
[Driver Services - Safe List]
(zumbus) Zune Bus Enumerator Driver [Kernel | Auto | Stopped] -> C:\WINDOWS\System32\DRIVERS\zumbus.sys -> File not found
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101019.004\NAVEX15.SYS -> [2010/09/30 04:00:00 | 001,371,184 | ---- | M] (Symantec Corporation)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101019.004\NAVENG.SYS -> [2010/09/30 04:00:00 | 000,086,064 | ---- | M] (Symantec Corporation)
(Lbd) Lbd [File_System | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\Lbd.sys -> [2010/09/23 03:46:08 | 000,064,288 | ---- | M] (Lavasoft AB)
(Lavasoft Kernexplorer) Lavasoft helper driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -> [2010/09/23 03:46:08 | 000,015,008 | ---- | M] ()
(WpsHelper) WpsHelper [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\WpsHelper.sys -> [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2010/05/27 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation)
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2010/05/27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation)
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SYMEVENT.SYS -> [2009/10/06 16:29:02 | 000,136,496 | ---- | M] (Symantec Corporation)
(iastor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\iaStor.sys -> [2009/07/21 17:01:56 | 000,328,728 | ---- | M] (Intel Corporation)
(BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\BCMWL5.SYS -> [2009/07/21 17:01:10 | 001,287,552 | ---- | M] (Broadcom Corporation)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\igxpmp32.sys -> [2009/07/21 17:00:39 | 006,047,904 | ---- | M] (Intel Corporation)
(IntcHdmiAddService) Intel(R) High Definition Audio HDMI Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\IntcHdmi.sys -> [2009/07/21 16:59:59 | 000,110,080 | ---- | M] (Intel(R) Corporation)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2009/07/21 16:58:55 | 001,222,840 | ---- | M] (SigmaTel, Inc.)
(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\yk51x86.sys -> [2009/07/21 16:58:14 | 000,265,856 | ---- | M] (Marvell)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_DPV.sys -> [2009/07/21 16:56:45 | 000,989,696 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_CNXT.sys -> [2009/07/21 16:56:45 | 000,730,112 | ---- | M] (Conexant Systems, Inc.)
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSFHWAZL.sys -> [2009/07/21 16:56:45 | 000,209,152 | ---- | M] (Conexant Systems, Inc.)
(atiide) ATI SATA Controller IDE mode [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\atiide.sys -> [2009/07/21 16:55:41 | 000,003,456 | ---- | M] (ATI Technologies Inc.)
(COH_Mon) COH_Mon [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\COH_Mon.sys -> [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2008/04/13 18:04:32 | 001,897,408 | ---- | M] (NVIDIA Corporation)
(SysPlant) SysPlant for NT [Kernel | Boot | Running] -> C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -> [2007/12/18 19:06:14 | 000,091,008 | ---- | M] (Symantec Corporation)
(WPS) WPS [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\WPSDRVnt.sys -> [2007/12/18 19:04:16 | 000,040,832 | ---- | M] (Symantec Corporation)
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\srtspl.sys -> [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation)
(SRTSP) SRTSP [File_System | System | Running] -> C:\WINDOWS\system32\drivers\srtsp.sys -> [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation)
(SRTSPX) SRTSPX [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\srtspx.sys -> [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation)
(Teefer2) Teefer2 Miniport [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\teefer2.sys -> [2007/08/06 15:29:28 | 000,049,024 | ---- | M] (Symantec Corporation)
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -> [2007/07/31 02:17:26 | 000,418,864 | ---- | M] (Symantec Corporation)
(OEM02Dev) Creative Camera OEM002 Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\OEM02Dev.sys -> [2007/07/18 02:02:00 | 000,235,520 | ---- | M] (Creative Technology Ltd.)
(CVPNDRVA) Cisco Systems Inc. IPSec Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\CVPNDRVA.sys -> [2007/07/16 11:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.)
(OEM02Afx) Provides a software interface to control audio effects of OEM002 camera. [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\OEM02Afx.sys -> [2007/06/08 02:00:00 | 000,141,376 | ---- | M] (Creative Technology Ltd.)
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\rixdptsk.sys -> [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC)
(OEM02Vfx) Creative Camera OEM002 Video VFX Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\OEM02Vfx.sys -> [2007/03/05 19:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.)
(rimmptsk) rimmptsk [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\rimmptsk.sys -> [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC)
(DNE) Deterministic Network Enhancer Miniport [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\dne2000.sys -> [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.)
(rimsptsk) rimsptsk [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\rimsptsk.sys -> [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC)
(CVirtA) Cisco Systems VPN Adapter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\CVirtA.sys -> [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.)
(SYMTDI) SYMTDI [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\SYMTDI.SYS -> [2007/01/09 16:46:26 | 000,191,544 | ---- | M] (Symantec Corporation)
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -> [2007/01/09 16:46:26 | 000,027,576 | ---- | M] (Symantec Corporation)
(WinUSB) WinUSB [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\winusb.sys -> [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation)
(APPDRV) APPDRV [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -> [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\] > -> -> 
HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\: Main\\"SearchDefaultBranded" -> 1 -> 
HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\: Main\\"Start Page" -> http://www.espn.com/ -> 
HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\: "ProxyOverride" -> *.local;<local> -> 
HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\: "ProxyServer" -> proxy:80 -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\za1kw2ny.default\prefs.js -> 
browser.startup.homepage -> "http://www.espn.com/" ->
extensions.enabledItems -> [email protected]:1.0 ->
extensions.enabledItems -> {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 ->
network.proxy.ftp -> "proxy" ->
network.proxy.ftp_port -> 80 ->
network.proxy.gopher -> "proxy" ->
network.proxy.gopher_port -> 80 ->
network.proxy.http -> "proxy" ->
network.proxy.http_port -> 80 ->
network.proxy.no_proxies_on -> "localhost,127.0.0.1" ->
network.proxy.share_proxy_settings -> true ->
network.proxy.socks -> "proxy" ->
network.proxy.socks_port -> 80 ->
network.proxy.ssl -> "proxy" ->
network.proxy.ssl_port -> 80 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/10/20 00:31:10 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/10/20 00:31:10 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions -> [2009/10/06 18:00:51 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\za1kw2ny.default\extensions -> [2010/10/18 10:00:48 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\za1kw2ny.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/10/07 18:29:51 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2010/10/19 18:24:01 | 000,000,000 | ---D | M]
Skype extension for Firefox   -> C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} -> [2010/03/11 21:03:21 | 000,000,000 | ---D | M]
< HOSTS File > ([2008/04/14 08:00:00 | 000,000,734 | ---- | M] - 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"ccApp" -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> [2007/11/09 15:15:34 | 000,115,560 | ---- | M] (Symantec Corporation)
"Dell QuickSet" -> C:\Program Files\Dell\QuickSet\quickset.exe [C:\Program Files\Dell\QuickSet\quickset.exe] -> [2007/12/10 18:06:18 | 001,228,800 | ---- | M] (Dell Inc.)
"DELL Webcam Manager" -> C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe ["C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s] -> [2007/07/27 16:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.)
"HPDJ Taskbar Utility" -> C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe] -> [2004/03/04 10:46:24 | 000,172,032 | ---- | M] (HP)
"OEM02Mon.exe" -> C:\WINDOWS\OEM02Mon.exe [C:\WINDOWS\OEM02Mon.exe] -> [2007/05/10 02:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.)
"ramcewnoxs.tmp" -> C:\Documents and Settings\Owner\Local Settings\Temp\ramcewnoxs.tmp ["C:\DOCUME~1\Owner\LOCALS~1\Temp\ramcewnoxs.tmp"] -> [2010/10/19 22:09:28 | 000,039,936 | ---- | M] ()
"SigmatelSysTrayApp" -> C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe] -> File not found
"UpdateLBPShortCut" -> C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe ["C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"] -> [2008/06/13 21:11:32 | 000,210,216 | ---- | M] (CyberLink Corp.)
"UpdateP2GoShortCut" -> C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe ["C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"] -> [2008/06/13 21:11:32 | 000,210,216 | ---- | M] (CyberLink Corp.)
"UpdatePDIRShortCut" -> C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe ["C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"] -> [2008/06/13 21:11:32 | 000,210,216 | ---- | M] (CyberLink Corp.)
"UpdatePSTShortCut" -> C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe ["C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"] -> [2008/10/06 23:42:38 | 000,210,216 | ---- | M] (CyberLink Corp.)
"WatchDog" -> C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [C:\Program Files\InterVideo\DVD Check\DVDCheck.exe] -> [2008/05/23 20:23:22 | 000,197,904 | ---- | M] (InterVideo Inc.)
< Run [HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\] > -> HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Advanced SystemCare 3" -> C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe ["C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup] -> [2009/06/30 09:55:40 | 002,329,224 | ---- | M] (IObit)
"IJKUK66HMN" -> C:\Documents and Settings\Owner\Local Settings\Temp\Cfz.exe [C:\DOCUME~1\Owner\LOCALS~1\Temp\Cfz.exe] -> [2010/10/19 22:13:35 | 000,221,184 | ---- | M] (Trend Micro Inc.)
"NtWqIVLZEWZU" -> C:\Documents and Settings\Owner\Local Settings\Temp\Cf3.exe [C:\DOCUME~1\Owner\LOCALS~1\Temp\Cf3.exe] -> [2010/10/19 22:13:43 | 000,200,704 | ---- | M] (Trend Micro Inc.)
"SMH2B46TDP" -> C:\Documents and Settings\Owner\Local Settings\Temp\Cfy.exe [C:\DOCUME~1\Owner\LOCALS~1\Temp\Cfy.exe] -> [2010/10/19 22:13:31 | 000,221,184 | ---- | M] (Trend Micro Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk -> C:\Program Files\InterVideo\DVD Check\DVDCheck.exe -> [2008/05/23 20:23:22 | 000,197,904 | ---- | M] (InterVideo Inc.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk -> C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico -> [2009/10/06 11:38:02 | 000,006,144 | R--- | M] ()
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
\Infodelivery\Restrictions\\"NoUpdateCheck" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"LinkResolveIgnoreLinkInfo" ->  [0] -> File not found
\\"NoResolveSearch" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003] > -> HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"LinkResolveIgnoreLinkInfo" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003] > -> HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 16 domain(s) found. -> 
www_joinmvp.com [http] -> Trusted sites -> 
www_joinmvpgold.com [http] -> Trusted sites -> 
www_joinmvpnh.com [http] -> Trusted sites -> 
www_joinpreferredcare.org [http] -> Trusted sites -> 
lawprod.hq_mvphealthcare.com [https] -> Trusted sites -> 
md_mvphealthcare.com [https] -> Trusted sites -> 
swp_mvphealthcare.com [https] -> Trusted sites -> 
www_mvphealthcare.com [http] -> Trusted sites -> 
www_mvphealthcare.com [https] -> Trusted sites -> 
www_mvphealthplan.com [http] -> Trusted sites -> 
www_mvpkidpower.com [http] -> Trusted sites -> 
www_mvppc.com [http] -> Trusted sites -> 
www_mvpquote.com [http] -> Trusted sites -> 
www_mvpselectcare.com [http] -> Trusted sites -> 
www_mvpvermont.com [http] -> Trusted sites -> 
www_nhmvp.com [http] -> Trusted sites -> 
www_pckidpower.com [http] -> Trusted sites -> 
citrix_preferredcare.org [https] -> Trusted sites -> 
www_preferredcare.org [http] -> Trusted sites -> 
www_preferredcare.org [https] -> Trusted sites -> 
sympoweb .[http] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\] > -> HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1584 domain(s) found. -> 
www_joinmvp.com [http] -> Trusted sites -> 
www_joinmvpgold.com [http] -> Trusted sites -> 
www_joinmvpnh.com [http] -> Trusted sites -> 
www_joinpreferredcare.org [http] -> Trusted sites -> 
lawprod.hq_mvphealthcare.com [https] -> Trusted sites -> 
md_mvphealthcare.com [https] -> Trusted sites -> 
swp_mvphealthcare.com [https] -> Trusted sites -> 
www_mvphealthcare.com [http] -> Trusted sites -> 
www_mvphealthcare.com [https] -> Trusted sites -> 
www_mvphealthplan.com [http] -> Trusted sites -> 
www_mvpkidpower.com [http] -> Trusted sites -> 
www_mvppc.com [http] -> Trusted sites -> 
www_mvpquote.com [http] -> Trusted sites -> 
www_mvpselectcare.com [http] -> Trusted sites -> 
www_mvpvermont.com [http] -> Trusted sites -> 
www_nhmvp.com [http] -> Trusted sites -> 
www_pckidpower.com [http] -> Trusted sites -> 
citrix_preferredcare.org [https] -> Trusted sites -> 
www_preferredcare.org [http] -> Trusted sites -> 
www_preferredcare.org [https] -> Trusted sites -> 
sympoweb .[http] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\] > -> HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Value error.] -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2009/07/21 17:00:43 | 000,217,088 | ---- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/07/21 15:01:31 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 ->  -> File not found
HidServ -> C:\WINDOWS\System32\hidserv.dll -> File not found
Ias ->  -> File not found
Iprip ->  -> File not found
Irmon ->  -> File not found
NWCWorkstation ->  -> File not found
Nwsapagent ->  -> File not found
WmdmPmSp ->  -> File not found
*MultiFile Done* -> -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
batfile [open] -> "%1" %* -> 
cmdfile [open] -> "%1" %* -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
piffile [open] -> "%1" %* -> 
scrfile [config] -> "%1" -> 
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/04/14 08:00:00 | 000,135,168 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S -> 
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> 
Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
Directory [Generate MD5 Signatures] -> "C:\Program Files\Michael K. Weise\mkw Audio Compression Toolkit\mkwACT.exe" -> [2000/09/29 20:23:22 | 000,083,968 | ---- | M] (Michael K. Weise)
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 7/29/2010 7:55:49 PM Computer Name = OEM-3414B23E485 | Source = SescLU | ID = 13 -> Description =   LiveUpdate returned a non-critical error.  Available content updates may have failed to install.
Application [ Error ] 7/30/2010 8:19:01 PM Computer Name = OEM-3414B23E485 | Source = SescLU | ID = 13 -> Description =   LiveUpdate returned a non-critical error.  Available content updates may have failed to install.
Application [ Error ] 8/1/2010 8:01:56 PM Computer Name = OEM-3414B23E485 | Source = SescLU | ID = 13 -> Description =   LiveUpdate returned a non-critical error.  Available content updates may have failed to install.
Application [ Error ] 8/8/2010 9:04:22 PM Computer Name = OEM-3414B23E485 | Source = SescLU | ID = 13 -> Description =   LiveUpdate returned a non-critical error.  Available content updates may have failed to install.
Application [ Error ] 8/13/2010 5:35:52 PM Computer Name = OEM-3414B23E485 | Source = SescLU | ID = 13 -> Description =   LiveUpdate returned a non-critical error.  Available content updates may have failed to install.
Application [ Error ] 8/18/2010 5:49:40 PM Computer Name = OEM-3414B23E485 | Source = SescLU | ID = 13 -> Description =   LiveUpdate returned a non-critical error.  Available content updates may have failed to install.
Application [ Error ] 8/21/2010 1:35:54 AM Computer Name = OEM-3414B23E485 | Source = SescLU | ID = 13 -> Description =   LiveUpdate returned a non-critical error.  Available content updates may have failed to install.
Application [ Error ] 8/27/2010 5:00:19 PM Computer Name = OEM-3414B23E485 | Source = SescLU | ID = 13 -> Description =   LiveUpdate returned a non-critical error.  Available content updates may have failed to install.
Application [ Error ] 9/4/2010 2:44:59 PM Computer Name = OEM-3414B23E485 | Source = SescLU | ID = 13 -> Description =   LiveUpdate returned a non-critical error.  Available content updates may have failed to install.
Application [ Error ] 9/16/2010 9:12:40 AM Computer Name = OEM-3414B23E485 | Source = SescLU | ID = 13 -> Description =   LiveUpdate returned a non-critical error.  Available content updates may have failed to install.
System [ Error ] 10/25/2010 7:03:52 PM Computer Name = OEM-3414B23E485 | Source = Service Control Manager | ID = 7024 -> Description = The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
System [ Error ] 10/25/2010 7:03:52 PM Computer Name = OEM-3414B23E485 | Source = Service Control Manager | ID = 7023 -> Description = The IPSEC Services service terminated with the following error:   %%10044
System [ Error ] 10/25/2010 7:03:52 PM Computer Name = OEM-3414B23E485 | Source = Service Control Manager | ID = 7023 -> Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:   %%10047
System [ Error ] 10/25/2010 7:11:00 PM Computer Name = OEM-3414B23E485 | Source = Service Control Manager | ID = 7003 -> Description = The DHCP Client service depends on the following nonexistent service: NetBT
System [ Error ] 10/25/2010 7:11:00 PM Computer Name = OEM-3414B23E485 | Source = Service Control Manager | ID = 7003 -> Description = The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT
System [ Error ] 10/25/2010 7:11:00 PM Computer Name = OEM-3414B23E485 | Source = Service Control Manager | ID = 7000 -> Description = The Zune Bus Enumerator Driver service failed to start due to the following error:   %%2
System [ Error ] 10/25/2010 7:12:49 PM Computer Name = OEM-3414B23E485 | Source = Service Control Manager | ID = 7022 -> Description = The Automatic Updates service hung on starting.
System [ Error ] 10/25/2010 7:35:57 PM Computer Name = OEM-3414B23E485 | Source = Service Control Manager | ID = 7003 -> Description = The DHCP Client service depends on the following nonexistent service: NetBT
System [ Error ] 10/25/2010 7:35:57 PM Computer Name = OEM-3414B23E485 | Source = Service Control Manager | ID = 7003 -> Description = The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT
System [ Error ] 10/25/2010 7:35:57 PM Computer Name = OEM-3414B23E485 | Source = Service Control Manager | ID = 7000 -> Description = The Zune Bus Enumerator Driver service failed to start due to the following error:   %%2
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2010/10/25 18:30:53 | 000,641,536 | ---- | C] (OldTimer Tools)
 Malwarebytes -> C:\Documents and Settings\Owner\Application Data\Malwarebytes -> [2010/10/22 20:03:44 | 000,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/10/22 20:02:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2010/10/22 20:02:06 | 000,000,000 | ---D | C]
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/10/22 20:02:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/10/22 20:02:05 | 000,000,000 | ---D | C]
 Lbd.sys -> C:\WINDOWS\System32\drivers\Lbd.sys -> [2010/10/22 19:55:34 | 000,064,288 | ---- | C] (Lavasoft AB)
 {E961CE1B-C3EA-4882-9F67-F859B555D097} -> C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097} -> [2010/10/22 19:54:55 | 000,000,000 | -H-D | C]
 Lavasoft -> C:\Program Files\Lavasoft -> [2010/10/22 19:54:36 | 000,000,000 | ---D | C]
 Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft -> [2010/10/22 19:54:36 | 000,000,000 | ---D | C]
 TDK -> C:\Documents and Settings\All Users\Application Data\TDK -> [2010/10/20 15:54:07 | 000,000,000 | ---D | C]
 CSC -> C:\WINDOWS\CSC -> [2010/10/19 22:55:05 | 000,000,000 | ---D | C]
 Cwufea.exe -> C:\WINDOWS\Cwufea.exe -> [2010/10/19 22:13:35 | 000,221,184 | ---- | C] (Trend Micro Inc.)
 Server -> C:\Documents and Settings\All Users\Documents\Server -> [2010/10/19 22:10:07 | 000,000,000 | -H-D | C]
 Temp -> C:\Documents and Settings\Owner\Local Settings\Application Data\Temp -> [2010/10/09 10:40:13 | 000,000,000 | ---D | C]
 Google -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google -> [2010/10/09 10:40:10 | 000,000,000 | ---D | C]
 cache -> C:\Documents and Settings\Owner\Local Settings\Application Data\cache -> [2010/10/03 04:31:20 | 000,000,000 | ---D | C]
 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 {BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job -> C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job -> [2010/10/25 19:42:00 | 000,000,282 | -H-- | M] ()
 {22116563-108C-42c0-A7CE-60161B75E508}.job -> C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job -> [2010/10/25 19:37:01 | 000,000,282 | -H-- | M] ()
 Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2010/10/25 19:36:58 | 000,000,472 | ---- | M] ()
 WGASetup.job -> C:\WINDOWS\tasks\WGASetup.job -> [2010/10/25 19:34:03 | 000,000,260 | ---- | M] ()
 VPN Client.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk -> [2010/10/25 19:33:44 | 000,002,447 | ---- | M] ()
 YUZTJV.job -> C:\WINDOWS\tasks\YUZTJV.job -> [2010/10/25 19:33:34 | 000,000,302 | -HS- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/10/25 19:33:14 | 000,002,048 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/10/25 19:33:07 | 3210,780,672 | -HS- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/10/25 19:01:12 | 000,002,206 | ---- | M] ()
 fixme.reg -> C:\Documents and Settings\Owner\Desktop\fixme.reg -> [2010/10/25 18:58:20 | 000,000,141 | ---- | M] ()
 GoogleUpdateTaskUserS-1-5-21-1819960671-3660475524-142641703-1003UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1819960671-3660475524-142641703-1003UA.job -> [2010/10/25 18:45:05 | 000,000,978 | ---- | M] ()
 OTS.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2010/10/25 18:29:30 | 000,641,536 | ---- | M] (OldTimer Tools)
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/10/22 20:02:32 | 000,000,696 | ---- | M] ()
 Ad-Aware.lnk -> C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk -> [2010/10/22 19:54:54 | 000,000,885 | ---- | M] ()
 Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2010/10/22 19:54:54 | 000,000,867 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/10/19 22:45:09 | 000,444,596 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/10/19 22:45:09 | 000,072,306 | ---- | M] ()
 Cwufea.exe -> C:\WINDOWS\Cwufea.exe -> [2010/10/19 22:13:29 | 000,221,184 | ---- | M] (Trend Micro Inc.)
 mssha6.dll -> C:\WINDOWS\System32\mssha6.dll -> [2010/10/19 22:13:28 | 000,069,632 | RHS- | M] ()
 GoogleUpdateTaskUserS-1-5-21-1819960671-3660475524-142641703-1003Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1819960671-3660475524-142641703-1003Core.job -> [2010/10/18 10:45:01 | 000,000,926 | ---- | M] ()
 iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2010/10/17 23:29:28 | 000,002,137 | ---- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/10/13 03:19:56 | 000,300,440 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/10/13 03:03:28 | 000,001,393 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/10/05 21:44:02 | 000,032,256 | ---- | M] ()
 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 2 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> 
 2 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> 
 
[Files - No Company Name]
 fixme.reg -> C:\Documents and Settings\Owner\Desktop\fixme.reg -> [2010/10/25 18:58:20 | 000,000,141 | ---- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/10/22 20:02:32 | 000,000,696 | ---- | C] ()
 Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2010/10/22 19:56:18 | 000,000,472 | ---- | C] ()
 Ad-Aware.lnk -> C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk -> [2010/10/22 19:54:54 | 000,000,885 | ---- | C] ()
 Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2010/10/22 19:54:54 | 000,000,867 | ---- | C] ()
 log.txt -> C:\Documents and Settings\Owner\log.txt -> [2010/10/22 19:18:26 | 000,000,543 | ---- | C] ()
 resetlog.txt -> C:\Documents and Settings\Owner\resetlog.txt -> [2010/10/20 01:08:19 | 000,010,683 | ---- | C] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/10/20 00:18:36 | 3210,780,672 | -HS- | C] ()
 {BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job -> C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job -> [2010/10/19 22:13:46 | 000,000,282 | -H-- | C] ()
 {22116563-108C-42c0-A7CE-60161B75E508}.job -> C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job -> [2010/10/19 22:13:39 | 000,000,282 | -H-- | C] ()
 mssha6.dll -> C:\WINDOWS\System32\mssha6.dll -> [2010/10/19 22:13:28 | 000,069,632 | RHS- | C] ()
 YUZTJV.job -> C:\WINDOWS\tasks\YUZTJV.job -> [2010/10/19 22:13:28 | 000,000,302 | -HS- | C] ()
 GoogleUpdateTaskUserS-1-5-21-1819960671-3660475524-142641703-1003UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1819960671-3660475524-142641703-1003UA.job -> [2010/10/09 10:40:12 | 000,000,978 | ---- | C] ()
 GoogleUpdateTaskUserS-1-5-21-1819960671-3660475524-142641703-1003Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1819960671-3660475524-142641703-1003Core.job -> [2010/10/09 10:40:12 | 000,000,926 | ---- | C] ()
 pdf995.ini -> C:\WINDOWS\pdf995.ini -> [2010/03/16 21:01:57 | 000,000,028 | ---- | C] ()
 pdf995mon.dll -> C:\WINDOWS\System32\pdf995mon.dll -> [2010/03/16 20:59:58 | 000,051,716 | ---- | C] ()
 wpd99.drv -> C:\WINDOWS\wpd99.drv -> [2010/03/16 20:59:58 | 000,000,060 | ---- | C] ()
 BladeEnc.dll -> C:\WINDOWS\System32\BladeEnc.dll -> [2010/02/10 22:53:41 | 000,528,384 | ---- | C] ()
 ShnDll32.dll -> C:\WINDOWS\System32\ShnDll32.dll -> [2010/02/10 22:53:41 | 000,120,832 | ---- | C] ()
 hpdj5700.ini -> C:\WINDOWS\hpdj5700.ini -> [2009/10/12 16:05:55 | 000,002,298 | ---- | C] ()
 hpbvspst.ini -> C:\WINDOWS\hpbvspst.ini -> [2009/10/12 16:05:23 | 000,000,414 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/10/06 10:30:46 | 000,032,256 | ---- | C] ()
 smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2009/07/21 17:03:32 | 000,000,061 | ---- | C] ()
 igfxCoIn_v4990.dll -> C:\WINDOWS\System32\igfxCoIn_v4990.dll -> [2009/07/21 17:00:39 | 000,147,456 | ---- | C] ()
 rixdicon.dll -> C:\WINDOWS\System32\rixdicon.dll -> [2009/07/21 16:53:16 | 000,016,480 | ---- | C] ()
 IVIresizeW7.dll -> C:\WINDOWS\System32\IVIresizeW7.dll -> [2009/07/21 15:49:04 | 000,204,800 | ---- | C] ()
 IVIresizeP6.dll -> C:\WINDOWS\System32\IVIresizeP6.dll -> [2009/07/21 15:49:04 | 000,192,512 | ---- | C] ()
 IVIresizeM6.dll -> C:\WINDOWS\System32\IVIresizeM6.dll -> [2009/07/21 15:49:04 | 000,192,512 | ---- | C] ()
 IVIresizePX.dll -> C:\WINDOWS\System32\IVIresizePX.dll -> [2009/07/21 15:49:04 | 000,188,416 | ---- | C] ()
 IVIresizeA6.dll -> C:\WINDOWS\System32\IVIresizeA6.dll -> [2009/07/21 15:49:03 | 000,200,704 | ---- | C] ()
 IVIresize.dll -> C:\WINDOWS\System32\IVIresize.dll -> [2009/07/21 15:49:03 | 000,020,480 | ---- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2009/07/21 15:25:04 | 000,000,376 | ---- | C] ()
 ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2009/07/21 07:48:15 | 000,004,161 | ---- | C] ()
 vpnapi.dll -> C:\WINDOWS\System32\vpnapi.dll -> [2007/07/16 11:58:10 | 000,197,408 | ---- | C] ()
 CSGina.dll -> C:\WINDOWS\System32\CSGina.dll -> [2007/07/16 11:58:00 | 000,193,312 | ---- | C] ()
 OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 18:05:08 | 000,002,695 | ---- | C] ()
 
[File - Lop Check]
 pdf995 -> C:\Documents and Settings\All Users\Application Data\pdf995 -> [2010/07/13 20:35:54 | 000,000,000 | ---D | M]
 TDK -> C:\Documents and Settings\All Users\Application Data\TDK -> [2010/10/20 15:54:07 | 000,000,000 | ---D | M]
 Temp -> C:\Documents and Settings\All Users\Application Data\Temp -> [2009/07/21 16:26:43 | 000,000,000 | ---D | M]
 Uninstall -> C:\Documents and Settings\All Users\Application Data\Uninstall -> [2009/07/21 15:55:23 | 000,000,000 | ---D | M]
 {755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> [2009/10/07 18:56:12 | 000,000,000 | ---D | M]
 {E961CE1B-C3EA-4882-9F67-F859B555D097} -> C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097} -> [2010/10/22 19:54:56 | 000,000,000 | -H-D | M]
 com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> [2009/10/06 09:37:45 | 000,000,000 | ---D | M]
 com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1 -> C:\Documents and Settings\Owner\Application Data\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1 -> [2009/12/06 14:48:32 | 000,000,000 | ---D | M]
 dBpoweramp -> C:\Documents and Settings\Owner\Application Data\dBpoweramp -> [2010/03/03 20:13:37 | 000,000,000 | ---D | M]
 ICAClient -> C:\Documents and Settings\Owner\Application Data\ICAClient -> [2010/07/13 18:02:28 | 000,000,000 | ---D | M]
 IObit -> C:\Documents and Settings\Owner\Application Data\IObit -> [2009/10/30 14:07:29 | 000,000,000 | ---D | M]
 pdf995 -> C:\Documents and Settings\Owner\Application Data\pdf995 -> [2010/03/16 21:01:57 | 000,000,000 | ---D | M]
 tmp -> C:\Documents and Settings\Owner\Application Data\tmp -> [2010/03/11 21:07:58 | 000,000,000 | ---D | M]
 Ad-Aware Update (Weekly).job -> C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job -> [2010/10/25 19:36:58 | 000,000,472 | ---- | M] ()
 WGASetup.job -> C:\WINDOWS\Tasks\WGASetup.job -> [2010/10/25 19:34:03 | 000,000,260 | ---- | M] ()
 YUZTJV.job -> C:\WINDOWS\Tasks\YUZTJV.job -> [2010/10/25 19:33:34 | 000,000,302 | -HS- | M] ()
 {22116563-108C-42c0-A7CE-60161B75E508}.job -> C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job -> [2010/10/25 19:37:01 | 000,000,282 | -H-- | M] ()
 {BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job -> C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job -> [2010/10/25 19:42:00 | 000,000,282 | -H-- | M] ()
 
[File - Purity Scan]
 
< End of report >

  • 0

#4
Essexboy
Posted 26 October 2010 - 12:37 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You are still infected - so lets clear that first. On completion of this run retry the internet and let me know the result

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\] > ->
YN -> HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\: "ProxyServer" -> proxy:80
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\za1kw2ny.default\prefs.js
YN -> network.proxy.ftp -> "proxy"
YN -> network.proxy.ftp_port -> 80
YN -> network.proxy.gopher -> "proxy"
YN -> network.proxy.gopher_port -> 80
YN -> network.proxy.http -> "proxy"
YN -> network.proxy.http_port -> 80
YN -> network.proxy.no_proxies_on -> "localhost,127.0.0.1"
YN -> network.proxy.share_proxy_settings -> true
YN -> network.proxy.socks -> "proxy"
YN -> network.proxy.socks_port -> 80
YN -> network.proxy.ssl -> "proxy"
YN -> network.proxy.ssl_port -> 80
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "ramcewnoxs.tmp" -> C:\Documents and Settings\Owner\Local Settings\Temp\ramcewnoxs.tmp ["C:\DOCUME~1\Owner\LOCALS~1\Temp\ramcewnoxs.tmp"]
< Run [HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\] > -> HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "IJKUK66HMN" -> C:\Documents and Settings\Owner\Local Settings\Temp\Cfz.exe [C:\DOCUME~1\Owner\LOCALS~1\Temp\Cfz.exe]
YY -> "NtWqIVLZEWZU" -> C:\Documents and Settings\Owner\Local Settings\Temp\Cf3.exe [C:\DOCUME~1\Owner\LOCALS~1\Temp\Cf3.exe]
YY -> "SMH2B46TDP" -> C:\Documents and Settings\Owner\Local Settings\Temp\Cfy.exe [C:\DOCUME~1\Owner\LOCALS~1\Temp\Cfy.exe]
[Files/Folders - Created Within 30 Days]
NY -> Cwufea.exe -> C:\WINDOWS\Cwufea.exe
NY -> Server -> C:\Documents and Settings\All Users\Documents\Server
[Files/Folders - Modified Within 30 Days]
NY -> {BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job -> C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
NY -> {22116563-108C-42c0-A7CE-60161B75E508}.job -> C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
NY -> YUZTJV.job -> C:\WINDOWS\tasks\YUZTJV.job
NY -> Cwufea.exe -> C:\WINDOWS\Cwufea.exe
[Files - No Company Name]
NY -> fixme.reg -> C:\Documents and Settings\Owner\Desktop\fixme.reg
NY -> {BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job -> C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
NY -> {22116563-108C-42c0-A7CE-60161B75E508}.job -> C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
NY -> YUZTJV.job -> C:\WINDOWS\tasks\YUZTJV.job
[File - Lop Check]
NY -> YUZTJV.job -> C:\WINDOWS\Tasks\YUZTJV.job
NY -> {22116563-108C-42c0-A7CE-60161B75E508}.job -> C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
NY -> {BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job -> C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.
  • 0

#5
togatown
Posted 26 October 2010 - 04:12 PM

togatown

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
I ran the fix. See the log below. Still can't connect to the internet. It recognizes the wireless signal but will not connect...

All Processes Killed
[Registry - Safe List]
Registry value HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.
Prefs.js: "proxy" removed from network.proxy.ftp
Prefs.js: 80 removed from network.proxy.ftp_port
Prefs.js: "proxy" removed from network.proxy.gopher
Prefs.js: 80 removed from network.proxy.gopher_port
Prefs.js: "proxy" removed from network.proxy.http
Prefs.js: 80 removed from network.proxy.http_port
Prefs.js: "localhost,127.0.0.1" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "proxy" removed from network.proxy.socks
Prefs.js: 80 removed from network.proxy.socks_port
Prefs.js: "proxy" removed from network.proxy.ssl
Prefs.js: 80 removed from network.proxy.ssl_port
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ramcewnoxs.tmp deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\ramcewnoxs.tmp moved successfully.
Registry value HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IJKUK66HMN deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\Cfz.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NtWqIVLZEWZU deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\Cf3.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1819960671-3660475524-142641703-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SMH2B46TDP deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\Cfy.exe moved successfully.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\Cwufea.exe moved successfully.
Folder move failed. C:\Documents and Settings\All Users\Documents\Server scheduled to be moved on reboot.
[Files/Folders - Modified Within 30 Days]
C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job moved successfully.
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\WINDOWS\tasks\YUZTJV.job moved successfully.
File C:\WINDOWS\Cwufea.exe not found!
[Files - No Company Name]
C:\Documents and Settings\Owner\Desktop\fixme.reg moved successfully.
File C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job not found!
File C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found!
File C:\WINDOWS\tasks\YUZTJV.job not found!
[File - Lop Check]
File C:\WINDOWS\Tasks\YUZTJV.job not found!
File C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found!
File C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job not found!
[Custom Items]
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
[Empty Temp Folders]


User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 366372059 bytes
->Temporary Internet Files folder emptied: 689306 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 65012680 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2675729 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 477184 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91244544 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 505.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTS Restore Point (0)
< End of fix log >
OTS by OldTimer - Version 3.1.40.0 fix logfile created on 10262010_175651

Files\Folders moved on Reboot...
Folder move failed. C:\Documents and Settings\All Users\Documents\Server scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_834.dat not found!

Registry entries deleted on Reboot...

Files\Folders moved on Reboot...
Folder move failed. C:\Documents and Settings\All Users\Documents\Server scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_834.dat not found!

Registry entries deleted on Reboot...
  • 0

#6
Essexboy
Posted 26 October 2010 - 04:15 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There is one element there that does not want to go

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#7
togatown
Posted 26 October 2010 - 07:10 PM

togatown

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
I'm having trouble with this. I downloaded ComboFix, loaded it onto a flash drive and saved it to the desktop of the infected machine. I disabled Ad-Aware and Symantec and ran ComboFix. It did not detect Microsoft Windows Recovery Console so I went ahead with the scan without downloading it since I don't have an internet connection. It says it's about to run the scan and says it could take 10 minutes or more than double that if the machine is heavily infected. I ran it once and let it go for 40 minutes but it never made it past that screen. I couldn't even force quit the app so I shut down manually. I reloaded ComboFix and tried running it again...this time for over an hour and a half and same issue. Wouldn't get past the blue screen where it says it may take 10 minutes to scan. It won't let me close the app either so I just have to hit the power button.

Am I doing something wrong?
  • 0

#8
Essexboy
Posted 27 October 2010 - 11:55 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Combofix may require the recovery console to do its job

Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Posted Image


  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.


    Posted Image


  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.
  • 0

#9
togatown
Posted 27 October 2010 - 05:33 PM

togatown

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
I am running XP Pro with SP3 so I downloaded the XP Pro SP2 file from the microsoft link you gave me. Dragged and dropped it onto ComboFix after saving to my desktop. It installed the recovery console and then started to run combofix but hung on the same blue screen as before where it says it will take 10 minutes to scan files or more. It took about 40 minutes and didn't change screens. I tried removing combofix and the recovery console file and reloading them and ran it again but that didn't work. I disable both ad-aware and symantec endpoint protection and then actually uninstalled them both from my machine and ran it again but same result. Just won't seem to do the actual scan. When I drag and drop onto combofix now it does say that it detects that I have already installed the recovery file and then says to click "ok" and gives me a message of aborting processes or something to that effect. After I click ok however it still attempts to run the scan but it hangs at the same spot. Not sure what to do now.
  • 0

#10
Essexboy
Posted 28 October 2010 - 11:48 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That would suggest to me that something is hiding - lets see if we can find it

Download avz4.zip from here
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window: Posted Image
  • Click Start to begin the update
Note: If you recieve an error message, chose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis with Malware removal mode enabled " check box.
    Posted Image
  • Click on the “Execute selected scripts”.
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Analysis " check box.
    Posted Image
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post
  • 0

Advertisements

#11
togatown
Posted 28 October 2010 - 05:17 PM

togatown

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
I couldn't run the auto update because my machine still won't connect to the internet but I did run the two checks and have attached the .zip file logs to this reply. ...still no internet access though.

Attached Files


  • 0

#12
Essexboy
Posted 29 October 2010 - 11:27 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Although I saw no malware I did find this

Dell Wireless WLAN Card Driver Not started

Can you start this driver ? If you do not know how could you tell me the make and model of your computer and I will check it out. We will now investigate your system

Please download SINO by Artellos.

  • Save SINO to a place you can remember and run SINO.exe. (If you downloaded the ZIP version you will need to extract it first)
  • Then please check the following checkboxes:
    System Info
Services
Boot Check
Tasklist
Startup Items
Event Log
Ipconfig
Ping
Netstat
Hosts file
Shares
Routing Table
  • Once checked, hit the Run Scan! button and wait for the program to finish the scan.
  • A notepad window will pop up. Please copy all of the content into your next reply.
Note: If you try to interact with the program once it’s started scanning it might appear to hang. The scan however will continue.
  • 0

#13
Essexboy
Posted 03 November 2010 - 03:19 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#14
Essexboy
Posted 03 November 2010 - 04:46 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned

Could you post the Sino log please
  • 0

#15
togatown
Posted 03 November 2010 - 05:07 PM

togatown

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
I am having trouble running SINO. I downloaded it and saved it to the infected computer's desktop, extracted it and ran the application. It just gives me a popup that says Errors Occurred: See the logfile C:\...\\...\...\SINO\SINO.exe for details

Here is the log that it gives me...

Traceback (most recent call last):
File "SINO.py", line 956, in <module>
File "SINO.py", line 43, in __init__
File "SINO.py", line 756, in update
File "httplib.pyc", line 866, in request
File "httplib.pyc", line 889, in _send_request
File "httplib.pyc", line 860, in endheaders
File "httplib.pyc", line 732, in _send_output
File "httplib.pyc", line 699, in send
File "httplib.pyc", line 667, in connect
socket.gaierror: (11001, 'getaddrinfo failed')

Would the report from before say that my Dell wireless card driver was turned off if I had disabled radio? I just turned it off because my home wireless network is setup to connect automatically but since it can never acquire an IP address it just constantly tries to connect and continually gives me messages saying it was unable to connect. I just turned it off so I wouldn't have to keep seeing the messages. I just enabled it again. If the error you read is something different - please let me know how to start the driver. My computer is a Dell Inspiron 1525
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP