Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Win7 Virus/Malware

Started by Husainfive , May 06 2011 11:07 AM

  • This topic is locked This topic is locked

#1
Husainfive
Posted 06 May 2011 - 11:07 AM

Husainfive

    Member

  • Member
  • PipPip
  • 59 posts
OTL logfile created on: 5/6/2011 1:15:20 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Shahid\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 38.83 Gb Free Space | 30.34% Space Free | Partition Type: NTFS

Computer Name: SHAHID-PC | User Name: Shahid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/06 13:14:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Shahid\Downloads\OTL.exe
PRC - [2011/04/26 07:19:28 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/03/30 10:02:00 | 002,860,800 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2010/12/07 11:51:18 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/05/26 17:08:12 | 000,689,392 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe
PRC - [2010/03/22 09:17:22 | 000,191,080 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2010/03/22 09:17:20 | 000,133,736 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/06 13:24:52 | 000,195,176 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/02/03 09:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2011/05/06 13:14:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Shahid\Downloads\OTL.exe
MOD - [2011/04/11 09:58:08 | 000,213,696 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/30 10:02:00 | 002,860,800 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2010/12/07 11:51:18 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/05/26 17:08:12 | 000,689,392 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe -- (ServicepointService)
SRV - [2010/04/28 03:01:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/22 09:17:22 | 000,191,080 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/06 13:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/10/28 18:59:46 | 000,057,344 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Informatica Secure Agent\infaagent.exe -- (InformaticaSecureAgent)
SRV - [2009/10/05 14:34:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/06 08:59:38 | 000,020,480 | ---- | M] (AG Interactive) [Disabled | Stopped] -- C:\Program Files\AGI\core\3.1\AGCoreService.exe -- (AGCoreService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (MpKslf63604b8)
DRV - File not found [Kernel | System | Running] -- -- (MpKsl80d4bb9d)
DRV - [2011/05/06 09:34:48 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E62C4551-5936-40BC-B2EA-6D575B0954D8}\MpKsl549b3252.sys -- (MpKsl549b3252)
DRV - [2011/02/20 20:30:06 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/09/05 11:25:22 | 000,041,928 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2010/05/05 08:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2009/11/24 18:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 18:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 18:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/11/24 18:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 18:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/09/15 14:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvoclock.sys -- (nvoclock)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2006/10/09 21:55:00 | 004,428,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 5D AB 19 2C 44 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2009/10/05 14:42:58 | 000,001,306 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Users\Shahid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe (Webshots.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/24 07:43:06 | 000,000,000 | ---D | C] -- C:\Users\Shahid\Desktop\Desi Variety
[2011/04/17 22:05:36 | 000,000,000 | ---D | C] -- C:\Users\Shahid\Desktop\Ali Shakir
[2011/04/15 14:57:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/04/12 19:01:57 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/04/12 19:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/04/12 19:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan

========== Files - Modified Within 30 Days ==========

[2011/05/06 12:37:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/06 12:37:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/06 10:18:05 | 009,496,576 | ---- | M] () -- C:\Users\Shahid\Desktop\Clever and creative billboard ads.pps
[2011/05/06 10:12:21 | 005,533,696 | ---- | M] () -- C:\Users\Shahid\Desktop\Greece 3.pps
[2011/05/06 09:28:18 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 09:28:18 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 09:22:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/06 09:22:34 | 1602,859,008 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/05 09:01:29 | 005,131,776 | ---- | M] () -- C:\Users\Shahid\Documents\Scotland.pps
[2011/05/04 18:06:00 | 002,148,721 | ---- | M] () -- C:\Users\Shahid\Desktop\The Dirty Little Kindle Book of Sex Quotes.PDF
[2011/05/04 16:17:20 | 000,001,106 | ---- | M] () -- C:\Users\Shahid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
[2011/05/03 15:47:34 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/05/01 09:55:54 | 000,628,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/01 09:55:54 | 000,108,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/29 10:49:29 | 006,707,712 | ---- | M] () -- C:\Users\Shahid\Documents\Greece 2.pps
[2011/04/29 08:53:53 | 197,922,904 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/26 09:33:16 | 003,379,712 | ---- | M] () -- C:\Users\Shahid\Documents\Norway.pps
[2011/04/23 10:01:07 | 003,728,565 | ---- | M] () -- C:\Users\Shahid\Desktop\03 Track 3.wma
[2011/04/16 08:46:51 | 018,125,824 | ---- | M] () -- C:\Users\Shahid\Documents\Edwin Lord.pps
[2011/04/15 08:14:18 | 004,594,176 | ---- | M] () -- C:\Users\Shahid\Documents\Dolmabahce Palace.pps
[2011/04/15 07:41:58 | 004,902,912 | ---- | M] () -- C:\Users\Shahid\Documents\Fatima Bhtto.pps
[2011/04/15 06:22:31 | 002,339,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/09 18:41:10 | 000,001,407 | ---- | M] () -- C:\Users\Shahid\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/09 18:34:11 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/06 14:09:00 | 005,699,584 | ---- | M] () -- C:\Users\Shahid\Documents\Africa_from_above.pps

========== Files Created - No Company Name ==========

[2011/05/06 09:13:00 | 005,533,696 | ---- | C] () -- C:\Users\Shahid\Desktop\Greece 3.pps
[2011/05/06 08:39:00 | 009,496,576 | ---- | C] () -- C:\Users\Shahid\Desktop\Clever and creative billboard ads.pps
[2011/05/05 07:50:00 | 005,131,776 | ---- | C] () -- C:\Users\Shahid\Documents\Scotland.pps
[2011/05/04 18:06:00 | 002,148,721 | ---- | C] () -- C:\Users\Shahid\Desktop\The Dirty Little Kindle Book of Sex Quotes.PDF
[2011/04/29 10:41:59 | 006,707,712 | ---- | C] () -- C:\Users\Shahid\Documents\Greece 2.pps
[2011/04/24 16:01:53 | 003,728,565 | ---- | C] () -- C:\Users\Shahid\Desktop\03 Track 3.wma
[2011/04/16 07:57:00 | 018,125,824 | ---- | C] () -- C:\Users\Shahid\Documents\Edwin Lord.pps
[2011/04/16 07:54:00 | 003,379,712 | ---- | C] () -- C:\Users\Shahid\Documents\Norway.pps
[2011/04/15 07:59:00 | 004,594,176 | ---- | C] () -- C:\Users\Shahid\Documents\Dolmabahce Palace.pps
[2011/04/15 07:40:00 | 004,902,912 | ---- | C] () -- C:\Users\Shahid\Documents\Fatima Bhtto.pps
[2011/04/09 18:34:11 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/06 14:09:00 | 005,699,584 | ---- | C] () -- C:\Users\Shahid\Documents\Africa_from_above.pps
[2011/03/23 09:23:00 | 000,000,120 | ---- | C] () -- C:\Users\Shahid\AppData\Local\Qkusapev.dat
[2011/03/23 09:23:00 | 000,000,000 | ---- | C] () -- C:\Users\Shahid\AppData\Local\Ikuvamecusur.bin
[2010/11/08 09:16:46 | 000,003,584 | ---- | C] () -- C:\Users\Shahid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/20 10:00:27 | 000,007,625 | ---- | C] () -- C:\Users\Shahid\AppData\Local\Resmon.ResmonCfg
[2010/07/20 20:43:47 | 127,611,835 | ---- | C] () -- C:\Windows\System32\xa4152933.exe
[2010/07/20 20:43:42 | 127,611,835 | ---- | C] () -- C:\Windows\System32\xa4148050.exe
[2010/07/20 20:35:32 | 127,611,835 | ---- | C] () -- C:\Windows\System32\xa3658005.exe
[2010/07/20 20:35:27 | 127,611,835 | ---- | C] () -- C:\Windows\System32\xa3653325.exe
[2009/12/15 12:23:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/10 11:22:25 | 000,000,332 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/11/03 17:59:00 | 000,000,043 | ---- | C] () -- C:\Windows\FFS20ChtReg.ini
[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\Windows\System32\WBCustomizer.dll
[2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\Windows\System32\MemWarp.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 002,339,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,628,944 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,108,160 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/10/03 13:30:19 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\AGI
[2010/09/17 08:36:15 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\AstoundStereoExpander
[2011/01/13 11:20:07 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Audacity
[2010/04/14 19:53:04 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\AVG9
[2010/09/29 22:51:42 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\BitTorrent
[2010/06/22 12:14:41 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Christofer Persson
[2009/10/14 21:53:17 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\COWON
[2011/02/25 07:56:01 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Dropbox
[2010/09/23 07:27:24 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Easy Duplicate Finder
[2010/09/08 09:53:21 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\GetRightToGo
[2011/03/19 14:43:37 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\ImgBurn
[2010/08/17 12:36:44 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Mask Pro 4.0
[2010/10/15 08:49:20 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Moyea
[2010/09/29 22:08:03 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\NeatImage PS
[2010/09/29 21:58:03 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\NeatImage SL
[2011/05/06 08:58:28 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\onOne Software
[2010/07/17 09:26:58 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Rogers Online Protection
[2011/01/11 15:00:09 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\salesforce.com
[2011/02/16 15:57:25 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\SMART Technologies
[2009/10/03 13:30:31 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Temp
[2010/09/30 12:57:00 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\webex
[2009/10/03 13:30:46 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Webshots
[2011/04/09 08:00:12 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1068 bytes -> C:\ProgramData\TEMP:CFAFAA98

< End of report >

Edited by Husainfive, 06 May 2011 - 11:28 AM.

  • 0

Advertisements

#2
Essexboy
Posted 06 May 2011 - 01:36 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there - a question if I may, why are you still running Avast 4.8 ?

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#3
Husainfive
Posted 06 May 2011 - 02:17 PM

Husainfive

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
AVAST is the security program. If I disable it then I am open to all kinds of viruses. True?




aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-06 16:08:52
-----------------------------
16:08:52.760 OS Version: Windows 6.1.7600
16:08:52.760 Number of processors: 2 586 0x401
16:08:52.770 ComputerName: SHAHID-PC UserName: Shahid
16:09:04.255 Initialize success
16:09:17.212 The log file has been saved successfully to "C:\Users\Shahid\Desktop\aswMBR.txt"


aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-06 16:08:52
-----------------------------
16:08:52.760 OS Version: Windows 6.1.7600
16:08:52.760 Number of processors: 2 586 0x401
16:08:52.770 ComputerName: SHAHID-PC UserName: Shahid
16:09:04.255 Initialize success
16:09:17.212 The log file has been saved successfully to "C:\Users\Shahid\Desktop\aswMBR.txt"
16:10:19.449 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort1
16:10:19.449 Disk 0 Vendor: WDC_WD2500AAKS-00VYA0 12.01B02 Size: 238475MB BusType: 3
16:10:19.465 Device \Device\Ide\IdeDeviceP1T0L0-1 -> \??\IDE#DiskWDC_WD2500AAKS-00VYA0___________________12.01B02#5&1037d8fe&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
16:10:19.465 Device \Driver\atapi -> DriverStartIo 8595baf1
16:10:21.508 Disk 0 MBR read successfully
16:10:21.508 Disk 0 MBR scan
16:10:21.508 Disk 0 Windows 7 default MBR code
16:10:23.531 Disk 0 scanning sectors +268414020
16:10:23.551 Disk 0 scanning C:\Windows\system32\drivers
16:10:27.111 File C:\Windows\system32\drivers\pci.sys TDL3 **ROOTKIT**
16:10:27.111 Disk 0 trace - called modules:
16:10:27.141 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8595becc]<<
16:10:27.141 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a67030]
16:10:27.161 3 CLASSPNP.SYS[88b9a59e] -> nt!IofCallDriver -> \IdeDeviceP1T0L0-1[0x85994908]
16:10:27.281 [0x85d052d8] -> IRP_MJ_CREATE -> 0x8595becc
16:10:27.341 Scan finished successfully
16:10:38.879 Disk 0 MBR has been saved successfully to "C:\Users\Shahid\Desktop\MBR.dat"
16:10:39.139 The log file has been saved successfully to "C:\Users\Shahid\Desktop\aswMBR.txt"


aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-06 16:08:52
-----------------------------
16:08:52.760 OS Version: Windows 6.1.7600
16:08:52.760 Number of processors: 2 586 0x401
16:08:52.770 ComputerName: SHAHID-PC UserName: Shahid
16:09:04.255 Initialize success
16:09:17.212 The log file has been saved successfully to "C:\Users\Shahid\Desktop\aswMBR.txt"
16:10:19.449 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort1
16:10:19.449 Disk 0 Vendor: WDC_WD2500AAKS-00VYA0 12.01B02 Size: 238475MB BusType: 3
16:10:19.465 Device \Device\Ide\IdeDeviceP1T0L0-1 -> \??\IDE#DiskWDC_WD2500AAKS-00VYA0___________________12.01B02#5&1037d8fe&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
16:10:19.465 Device \Driver\atapi -> DriverStartIo 8595baf1
16:10:21.508 Disk 0 MBR read successfully
16:10:21.508 Disk 0 MBR scan
16:10:21.508 Disk 0 Windows 7 default MBR code
16:10:23.531 Disk 0 scanning sectors +268414020
16:10:23.551 Disk 0 scanning C:\Windows\system32\drivers
16:10:27.111 File C:\Windows\system32\drivers\pci.sys TDL3 **ROOTKIT**
16:10:27.111 Disk 0 trace - called modules:
16:10:27.141 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8595becc]<<
16:10:27.141 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a67030]
16:10:27.161 3 CLASSPNP.SYS[88b9a59e] -> nt!IofCallDriver -> \IdeDeviceP1T0L0-1[0x85994908]
16:10:27.281 [0x85d052d8] -> IRP_MJ_CREATE -> 0x8595becc
16:10:27.341 Scan finished successfully
16:10:38.879 Disk 0 MBR has been saved successfully to "C:\Users\Shahid\Desktop\MBR.dat"
16:10:39.139 The log file has been saved successfully to "C:\Users\Shahid\Desktop\aswMBR.txt"
16:14:00.160 Disk 0 MBR has been saved successfully to "C:\Users\Shahid\Desktop\MBR.dat"
16:14:00.200 The log file has been saved successfully to "C:\Users\Shahid\Desktop\aswMBR.txt"
  • 0

#4
Essexboy
Posted 06 May 2011 - 02:51 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Correct but Avast is currently at version 6 - due to the changes in the engine it would have alerted you to the TDL 3 infection. I can give you a link for the latest version and help you update it :)

OK back to work

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#5
Husainfive
Posted 06 May 2011 - 03:03 PM

Husainfive

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Found a rootkit file and cured it. Will restart but I need to mention one other thing not sure if it is related but my IE9 keeps crashing many times a day. Any ideas? Also you wil PLEASE send me the link to a good protection program. I have several running like Malware Emsisoft OneCare and of course AVAST.

Thank you so much I hope this resolves both my problems of search results hijack and audio ad's coming on.
  • 0

#6
Essexboy
Posted 07 May 2011 - 03:55 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post the TDSSKiller log please so that I can determine whether or not the file was cured, also could you run a fresh OTL scan for me please

Download the latest version of Avast from here to your desktop
Download aswclearto your desktop

Disconnect from the internet
Uninstall Avast
Reboot
Run aswclear
Reboot
Install the latest version of Avast that is on your desktop
  • 0

#7
Husainfive
Posted 07 May 2011 - 08:36 AM

Husainfive

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Houston we have a problem!

Everything was working well and it seemed that the virus was gone. I Googled and downloaded the FREE version of AVAST from the company website. It scanned the hard drive and found 2 TRJ type files which I asked it to delete. That went well. I shut down the system and this morning when I started up it would not. It gave me options to automatically fix them which I tried it did not work. I tried to use an option which lets you start from a system restore there was a restore point from yesterday I took that option and it did not work, I scanned the memory and that did not work.

I get the balck black window telling me that windows could not start due to a recent hardware software change.

The details it gives are:

Problem Signature
Problem Event Name Startup Repair Offline
Problem signature 01 6.1.760016385
Problem signature 02 6.1.760016385
Problem signature 03 Unknown
Problem signature 04 21201103
Problem signature 05 Autofailover
Problem signature 06 5
Problem signature 07 NoRootCause
OS Version 6.1.7600.2.0.0.256.1
Locale ID 1033

Now I REALLY need help!

Waiting anxiously
  • 0

#8
Husainfive
Posted 07 May 2011 - 08:43 AM

Husainfive

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
I also ran the startup repair and the report said that it checked a ton of things and all of them gave an Error code 0x0

The only thing of note was

Windows directory = C:\Windows
AutoChk Run = 0
Number of root causes = 1
  • 0

#9
Essexboy
Posted 07 May 2011 - 09:36 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Was this after you ran TDSSKiller ?

Please print these instruction out so that you know what you are doing

Latest version: v3.1.46.0

OTLPEStd.exe
MD5=83A0648CCEDCB906DFC44DA275C3885C
Size = 98,078,016b / 93.5MB

  • Download OTLPEStd.exe to your desktop
  • Download this scan.txt to a USB drive [attachment=49863:scan.txt]
  • Ensure that you have a blank CD in the drive
  • Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Double click the Custom scans and fixes box
  • In the dialogue locate the scan.txt you have on the USB
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#10
Husainfive
Posted 07 May 2011 - 09:41 AM

Husainfive

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
I went to the System Recovery Options and chose System Restore and chose Windows Update - Critical Update - it ran successfully but the system would not restart. I chose Automatic Restore Point that finished okay but when the system restarted it was back to that black screen.

I started the system and hit F8 and then tried to start in Safe Mode - that did not work. I think we may have a serious problem.

I noticed that your name says Essexboy does this mean that you are in UK? If so please send me your phone number and I will call you and maybe we can walk through the various options. It will be very long and hard working on this problem via this blog. Please help!

Thank you
  • 0

Advertisements

#11
Essexboy
Posted 07 May 2011 - 09:44 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I can work just as easily from the forum as I will be online till later this evening
  • 0

#12
Husainfive
Posted 07 May 2011 - 10:06 AM

Husainfive

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
I have downloaded the program to CD and went to the link to show me how to boot from the CD but do not understand what it means to hit the delete key . . . . from where? I do not get to the screen it shows? Do I hit F8 and or what?
  • 0

#13
Essexboy
Posted 07 May 2011 - 10:11 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Insert the cd in the dirve and reboot the computer

You should get the following coming up - press any key to boot from cd

does that prompt appear ?
  • 0

#14
Husainfive
Posted 07 May 2011 - 10:17 AM

Husainfive

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Okay got it. It was PF12 on my machine (Dell) right now it is booting from the CD . . . . . Starting with an XP logo? Is that normal? I have Win7 loaded.
  • 0

#15
Essexboy
Posted 07 May 2011 - 10:21 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes it is an XP desktop programme
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP