Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware or Virus in svchost.exe?

Started by Fygar , May 13 2011 02:17 PM

  • This topic is locked This topic is locked

#16
heir
Posted 17 May 2011 - 10:59 AM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Let's do a couple of scans for leftovers as well

Step 1.
Uninstall unneeded programs:

Please go to Start > Control Panel > Add/Remove Programs and remove the following:

Java 2 Runtime Environment, SE v1.4.2_04


Step 2.
Scan with MBAM:

  • Launch Malwarebytes' Anti-Malware.
  • Update Malwarebytes' Anti-Malware.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Step 3.
Scan with ESET Online Scanner:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Step 4.
Things I would like to see in your reply:

  • The content of the report from MBAM from Step 2.
  • The content of the report from ESET Online Scanner from Step 3.

  • 0

Advertisements

#17
Fygar
Posted 17 May 2011 - 06:13 PM

Fygar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6599

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5/17/2011 10:19:25 AM
mbam-log-2011-05-17 (10-19-25).txt

Scan type: Quick scan
Objects scanned: 139490
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Eset log:

C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE Win32/Adware.DSSAgent application cleaned by deleting - quarantined
F:\Program Files\RegistryFix\RegistryFix.exe a variant of Win32/Adware.ErrorClean application cleaned by deleting - quarantined
F:\Program Set Ups\registryfix.exe a variant of Win32/Adware.ErrorClean application deleted - quarantined
F:\Program Set Ups\registry fix\registryfix.exe a variant of Win32/Adware.ErrorClean application deleted - quarantined
G:\Documents and Settings\Dave\My Documents\Downloads\3gpConverterSetup.exe a variant of Win32/SweetIM.B application cleaned by deleting - quarantined
G:\Documents and Settings\Dave's Documents\postal.exe probably a variant of Win32/Agent.GZODBMX trojan cleaned by deleting - quarantined
K:\Documents and Settings\Dave\My Documents\Downloads\3gpConverterSetup.exe a variant of Win32/SweetIM.B application cleaned by deleting - quarantined
  • 0

#18
heir
Posted 18 May 2011 - 12:05 AM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Please set the computer to do normal startup in msconfig.

Then:


  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Underneath the option Extra Registry change it to Use SafeList.
  • Underneath the option File Scans set the File Age to 30 Days
  • Underneath the option File Scans check the boxes beside Use Company Name WhiteList, Skip Microsoft Files, Use No-Company Name WhiteList, LOP Check, Purity Check.
  • Under the Custom Scan box paste this in


    msconfig
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
/md5start
nvata.sys
/md5stop
CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


How is your computer running now?
  • 0

#19
Fygar
Posted 18 May 2011 - 01:46 PM

Fygar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
OTL logfile created on: 5/18/2011 12:40:05 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 280.00 Mb Available Physical Memory | 27.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.36 Gb Total Space | 49.11 Gb Free Space | 71.84% Space Free | Partition Type: NTFS
Drive E: | 34.18 Gb Total Space | 16.25 Gb Free Space | 47.54% Space Free | Partition Type: NTFS
Drive F: | 44.98 Gb Total Space | 38.06 Gb Free Space | 84.62% Space Free | Partition Type: NTFS
Drive G: | 39.98 Gb Total Space | 28.78 Gb Free Space | 71.99% Space Free | Partition Type: NTFS
Drive H: | 58.59 Gb Total Space | 41.33 Gb Free Space | 70.54% Space Free | Partition Type: NTFS
Drive I: | 37.57 Gb Total Space | 26.75 Gb Free Space | 71.19% Space Free | Partition Type: NTFS
Drive K: | 43.95 Gb Total Space | 29.18 Gb Free Space | 66.40% Space Free | Partition Type: NTFS
Drive M: | 48.83 Gb Total Space | 34.16 Gb Free Space | 69.96% Space Free | Partition Type: NTFS
Drive P: | 68.36 Gb Total Space | 64.94 Gb Free Space | 95.00% Space Free | Partition Type: NTFS

Computer Name: DAVEDESKTOP | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/13 06:38:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
PRC - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/05/02 08:14:11 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/05/02 08:14:04 | 002,146,496 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/11/13 11:29:42 | 009,117,504 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/11/13 11:29:40 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/04/21 14:47:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/08/03 23:18:30 | 006,248,960 | ---- | M] (Linksys) -- C:\Program Files\Linksys\WUSB54GSCv2\WUSB54GSC.exe
PRC - [2007/08/10 17:12:20 | 000,065,596 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe
PRC - [2007/05/10 22:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2005/10/23 23:45:16 | 000,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/13 06:38:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
MOD - [2011/05/10 05:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2004/08/04 00:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WUSB54GSC)
SRV - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/05/02 08:14:04 | 002,146,496 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/04/21 14:47:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 05:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 04:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/02/04 07:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/12/03 02:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/12/01 12:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/10/28 21:33:29 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/10/09 14:33:12 | 000,198,144 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WUSB54GSCV2.sys -- (WUSB54GSCV2)
DRV - [2006/09/24 06:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/10/26 01:08:26 | 003,786,944 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/18 02:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/04/05 12:22:30 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/04/05 12:22:28 | 000,033,536 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/08 23:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/06/15 16:14:00 | 000,180,480 | R--- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.SYS -- (DNINDIS5)
DRV - [2001/08/17 05:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [1996/04/03 12:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: zoomext@starfield:1.1
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.1
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..keyword.URL: "http://search.myheri...om/?orig=ds&q="
FF - prefs.js..keyword.enabled: "true"

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 19:39:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 11:28:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/04/29 21:50:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/05/02 10:16:26 | 000,000,000 | ---D | M]

[2011/05/01 19:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
[2010/08/30 18:52:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/15 06:42:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\hj0slznq.default\extensions
[2011/05/01 19:56:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\hj0slznq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/13 05:18:59 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\hj0slznq.default\extensions\[email protected]
[2011/05/01 19:56:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\hj0slznq.default\extensions\nostmp
[2011/05/02 10:17:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/10 06:55:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/10 06:47:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/05/02 10:17:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2009/09/29 14:21:44 | 000,000,000 | ---D | M] (Starfield Zoom) -- C:\Program Files\Mozilla Firefox\extensions\zoomext@starfield
[2011/04/14 09:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/07/31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/16 23:49:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - P:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] P:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [SW20] C:\WINDOWS\system32\sw20.exe ()
O4 - HKLM..\Run: [SW24] C:\WINDOWS\system32\sw24.exe ()
O4 - HKCU..\Run: [AnyDVD] P:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] P:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = P:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - P:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - P:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/17 14:09:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/15 10:38:15 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/17 13:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/17 08:35:10 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dave\Desktop\TDSSKiller.exe
[2011/05/16 23:42:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/16 23:39:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/16 23:39:42 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/16 23:39:42 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/16 23:39:42 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/16 23:38:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/16 23:37:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/16 12:21:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/16 09:50:48 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dave\Desktop\aswMBR.exe
[2011/05/13 07:03:15 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2011/05/13 05:57:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/05/13 05:46:25 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/05 14:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\laurence
[2011/05/01 19:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/05/01 19:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS

========== Files - Modified Within 30 Days ==========

[2011/05/18 12:42:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/18 08:14:56 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/18 08:14:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/18 08:14:22 | 000,000,081 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/05/18 08:13:53 | 000,061,465 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/18 08:13:53 | 000,000,040 | ---- | M] () -- C:\biosinfo
[2011/05/18 08:13:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/18 08:13:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/18 08:05:56 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/18 05:01:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MyDefrag v4.3.1 Daily.job
[2011/05/17 09:27:10 | 004,350,228 | R--- | M] () -- C:\Documents and Settings\Dave\Desktop\ComboFix.exe
[2011/05/17 08:33:13 | 001,280,208 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\tdsskiller.zip
[2011/05/16 23:49:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/16 16:19:10 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/16 16:19:10 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/16 12:11:22 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Dave\defogger_reenable
[2011/05/16 12:08:47 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/05/16 11:07:36 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\RKUnhookerLE.EXE
[2011/05/16 10:57:25 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Defogger.exe
[2011/05/16 09:58:19 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\MBR.dat
[2011/05/16 09:10:29 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dave\Desktop\aswMBR.exe
[2011/05/13 13:21:28 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dave\Desktop\TDSSKiller.exe
[2011/05/13 11:00:56 | 000,046,652 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Land Stats.jpg
[2011/05/13 06:38:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2011/05/13 05:46:25 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/10 05:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/10 05:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/10 05:02:25 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/10 05:02:22 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/10 04:59:37 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/04 08:08:26 | 000,000,088 | ---- | M] () -- C:\Documents and Settings\Dave\.java.policy
[2011/05/04 08:06:44 | 000,255,322 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Agency.pdf
[2011/05/01 23:20:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/01 19:39:27 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/01 19:39:27 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/01 05:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MyDefrag v4.3.1 Monthly.job
[2011/04/26 08:30:14 | 000,100,010 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\AR art.jpg

========== Files Created - No Company Name ==========

[2011/05/18 08:05:51 | 000,000,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/05/17 08:31:28 | 001,280,208 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\tdsskiller.zip
[2011/05/16 23:42:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/16 23:42:24 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/16 23:39:42 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/16 23:39:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/16 23:39:42 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/16 23:39:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/16 23:39:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/16 12:10:42 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Dave\defogger_reenable
[2011/05/16 11:40:54 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\RKUnhookerLE.EXE
[2011/05/16 11:37:19 | 000,001,596 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/05/16 11:37:19 | 000,001,126 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2011/05/16 11:37:19 | 000,001,065 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/05/16 11:02:44 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Defogger.exe
[2011/05/16 10:02:32 | 000,046,652 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Land Stats.jpg
[2011/05/16 09:58:19 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\MBR.dat
[2011/05/13 07:22:38 | 004,350,228 | R--- | C] () -- C:\Documents and Settings\Dave\Desktop\ComboFix.exe
[2011/05/04 08:08:26 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\Dave\.java.policy
[2011/05/04 08:06:43 | 000,255,322 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Agency.pdf
[2011/05/02 16:19:09 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/02 16:19:09 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/02 10:16:26 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/01 23:20:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/01 19:39:27 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/01 19:39:27 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/01 19:39:27 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/26 08:30:13 | 000,100,010 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\AR art.jpg
[2011/04/12 17:38:47 | 000,000,290 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2011/01/29 16:14:09 | 000,234,488 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/11 21:57:56 | 000,000,081 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/12/25 13:21:21 | 000,000,057 | ---- | C] () -- C:\WINDOWS\DcmLtbox-WS.ini
[2010/10/28 09:38:55 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/07/06 18:46:19 | 000,000,204 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2010/03/29 18:20:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2010/01/27 21:34:49 | 000,000,124 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/11/04 17:24:58 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/09/09 16:31:31 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/09/09 16:31:31 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/09/09 16:31:31 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/09/09 16:31:30 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/09/09 16:31:08 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/05/07 15:00:55 | 000,033,647 | ---- | C] () -- C:\Program Files\gsak.elf
[2009/05/07 15:00:00 | 000,000,388 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
[2009/05/07 14:54:34 | 000,022,528 | ---- | C] () -- C:\Program Files\gsak.db3
[2009/05/07 14:54:34 | 000,007,808 | ---- | C] () -- C:\Program Files\gsak.ini
[2009/05/07 14:54:34 | 000,005,120 | ---- | C] () -- C:\Program Files\POST.NSX
[2009/05/07 14:54:34 | 000,000,226 | ---- | C] () -- C:\Program Files\POST.DBF
[2009/05/07 14:54:34 | 000,000,029 | ---- | C] () -- C:\Program Files\dbfindex.bif
[2009/04/19 14:59:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/18 09:09:13 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/17 23:37:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2009/04/17 19:25:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/17 18:37:20 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/04/17 18:37:11 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/04/17 18:37:07 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2009/04/17 18:32:24 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2009/04/17 18:26:18 | 000,208,896 | R--- | C] () -- C:\WINDOWS\System32\sw20.exe
[2009/04/17 18:26:18 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\WinSys.exe
[2009/04/17 18:26:18 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\sw24.exe
[2009/04/17 18:26:18 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2009/04/17 18:26:18 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2009/04/17 14:11:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/17 14:06:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/04/17 06:09:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/17 06:06:49 | 000,149,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/13 23:51:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/12/13 23:51:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005/12/13 23:51:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/12/13 23:51:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2005/12/13 23:51:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/12/13 23:51:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/13 23:51:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/13 23:51:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005/12/13 23:51:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005/12/13 23:51:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/12/13 23:51:00 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/04 01:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/23 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 05:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 05:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/03/29 17:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adventure Workshop
[2010/07/08 21:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/07/16 08:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2011/03/27 21:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/11/06 20:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/01 08:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/08/03 10:59:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{08F42319-C624-4BFD-ACBF-B2FA4539DB57}
[2011/01/07 16:10:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011/04/20 09:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Audacity
[2011/05/13 21:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\CoreFTP
[2010/03/26 07:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\CVS
[2010/01/31 12:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\GARMIN
[2009/05/01 23:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Nvu
[2010/11/06 20:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\SimfaticForms
[2010/08/30 18:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Thunderbird
[2010/04/01 08:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Western Digital
[2010/08/03 10:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\WinBatch
[2011/05/18 08:14:56 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/05/18 05:01:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\MyDefrag v4.3.1 Daily.job
[2011/05/01 05:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\MyDefrag v4.3.1 Monthly.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2011/05/02 10:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/03/29 17:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adventure Workshop
[2010/07/08 21:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/04/18 18:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/04/18 18:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/07/16 08:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2011/03/11 00:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/04/13 20:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/04/17 23:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/17 23:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/10 07:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/10/17 03:03:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/05/01 19:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2011/03/27 21:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/01/27 23:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/07/10 06:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/06 20:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/01 08:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/02/23 15:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/08/03 10:59:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{08F42319-C624-4BFD-ACBF-B2FA4539DB57}
[2011/01/07 16:10:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2010/06/10 18:28:44 | 002,481,376 | ---- | M] (MyTopo ) -- C:\Documents and Settings\All Users\Application Data\{08F42319-C624-4BFD-ACBF-B2FA4539DB57}\Setup.exe
[2010/12/03 02:06:07 | 002,985,360 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}\Ad-Aware90Install.exe
[2011/01/30 13:44:03 | 000,337,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA0000000001}\setup.exe
[2009/07/16 08:37:03 | 000,599,304 | ---- | M] (CA, Inc) -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge\Controller.exe
[2009/07/16 08:37:07 | 000,626,440 | ---- | M] (CA, Inc) -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge\Customer.exe
[2009/07/16 08:36:58 | 000,353,544 | ---- | M] (CA, Inc) -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge\SoftwareUpdater.exe
[2011/05/02 08:14:04 | 002,146,496 | ---- | M] (Lavasoft Limited) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
[2011/05/02 08:14:11 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
[2009/09/21 23:29:11 | 000,640,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
[2011/05/02 08:14:06 | 001,896,192 | ---- | M] (Lavasoft Limited) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
[2011/05/02 08:14:10 | 001,744,312 | ---- | M] (Lavasoft Limited ) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
[2011/05/02 08:14:16 | 001,252,520 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
[2011/04/26 08:37:09 | 000,658,688 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
[2011/02/13 17:01:03 | 000,994,304 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AWSC.exe
[2011/04/18 03:23:39 | 000,016,432 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
[2011/05/02 08:14:12 | 001,159,232 | ---- | M] (Lavasoft Limited) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
[2011/04/22 16:21:24 | 000,707,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
[2011/04/22 16:21:25 | 000,822,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
[2011/05/17 10:15:43 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

< %APPDATA%\*. >
[2009/05/25 17:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Adobe
[2009/10/19 20:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Apple Computer
[2011/04/20 09:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Audacity
[2011/05/13 21:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\CoreFTP
[2010/03/26 07:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\CVS
[2011/03/24 05:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DVD Flick
[2010/01/31 12:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\GARMIN
[2009/04/20 17:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Google
[2009/05/15 05:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Help
[2009/04/17 14:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Identities
[2009/09/09 16:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\InstallShield
[2010/04/13 20:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Intuit
[2009/04/19 17:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Jasc Software Inc
[2009/04/18 07:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Macromedia
[2009/04/17 23:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Malwarebytes
[2010/09/11 13:13:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Dave\Application Data\Microsoft
[2009/11/10 17:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Move Networks
[2009/11/23 22:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla
[2009/05/01 23:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Nvu
[2010/11/06 20:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\SimfaticForms
[2009/04/17 18:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Sun
[2010/08/30 18:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Thunderbird
[2011/05/16 15:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\U3
[2010/04/01 08:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Western Digital
[2010/10/21 23:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Winamp
[2010/08/03 10:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\WinBatch
[2010/01/28 18:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\WinRAR

< %APPDATA%\*.exe /s >
[2009/05/13 20:31:21 | 001,685,856 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe
[2009/08/17 21:23:39 | 001,686,744 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Move Networks\MoveMediaPlayerWin_071504000001.exe
[2009/10/29 21:11:08 | 001,407,680 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Move Networks\MoveMediaPlayerWin_071505000010.exe
[2009/11/10 17:51:05 | 001,408,800 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Move Networks\MoveMediaPlayerWin_071505000011.exe
[2009/11/10 17:51:08 | 000,127,325 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Move Networks\uninstall.exe
[2009/08/13 12:22:34 | 000,097,144 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2010/09/01 15:52:56 | 000,032,032 | ---- | M] (NOS Microsystems Ltd.) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\hj0slznq.default\extensions\nostmp\content\getPlusPlus_Adobe_reg.exe
[2006/05/24 13:36:38 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\U3\temp\cleanup.exe

< %systemroot%\*. /mp /s >


< MD5 for: NVATA.SYS >
[2005/08/18 02:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvata.sys

< End of report >


OTL Extras logfile created on: 5/18/2011 12:40:05 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 280.00 Mb Available Physical Memory | 27.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.36 Gb Total Space | 49.11 Gb Free Space | 71.84% Space Free | Partition Type: NTFS
Drive E: | 34.18 Gb Total Space | 16.25 Gb Free Space | 47.54% Space Free | Partition Type: NTFS
Drive F: | 44.98 Gb Total Space | 38.06 Gb Free Space | 84.62% Space Free | Partition Type: NTFS
Drive G: | 39.98 Gb Total Space | 28.78 Gb Free Space | 71.99% Space Free | Partition Type: NTFS
Drive H: | 58.59 Gb Total Space | 41.33 Gb Free Space | 70.54% Space Free | Partition Type: NTFS
Drive I: | 37.57 Gb Total Space | 26.75 Gb Free Space | 71.19% Space Free | Partition Type: NTFS
Drive K: | 43.95 Gb Total Space | 29.18 Gb Free Space | 66.40% Space Free | Partition Type: NTFS
Drive M: | 48.83 Gb Total Space | 34.16 Gb Free Space | 69.96% Space Free | Partition Type: NTFS
Drive P: | 68.36 Gb Total Space | 64.94 Gb Free Space | 95.00% Space Free | Partition Type: NTFS

Computer Name: DAVEDESKTOP | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "P:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "P:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "P:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "P:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "P:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 25
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D5A740-EAA2-012B-AD08-000000000000}" = TurboTax 2009 waziper
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1" = Sothink Movie DVD Maker
"{5866F83F-5347-4324-A15E-070502A65866}" = TurboTax 2010 WinBizReleaseEngine
"{6334BBB0-8A2E-4679-B845-9CE27E72DBDA}" = TurboTax 2010 WinBizTaxSupport
"{65563451-00B6-458C-9F9A-03A7757355A6}" = Compact Wireless-G USB Network Adapter with SpeedBooster
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A62B93E6-2AEA-429B-974F-7F995596148B}" = TurboTax 2010 wazpbpm
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ADD937-FD5F-4CC6-AE15-AEDEE2A20165}" = TurboTax 2010 wrapper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E6C0F926-446B-4450-8D15-4405A9431EB7}" = TurboTax 2010 WinBizFedFormset
"{E90F8E55-A3EE-41AF-88E3-ED2EA0ECE46C}" = TurboTax 2010 waziper
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE58C16D-35C9-4887-803E-8DE70220204F}" = Terrain Navigator
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"AMP Font Viewer" = AMP Font Viewer
"AnyDVD" = AnyDVD
"AtomTime Pro_is1" = AtomTime Pro 3.1d
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Core FTP LE 2.1" = Core FTP LE 2.1
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EasyGPS_is1" = EasyGPS 3.03
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Google Earth Pro 4.2" = Google Earth Pro 4.2
"HaaliMkx" = Haali Media Splitter
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mflGameDay_is1" = myfantasyleague.com Game Day 2009
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"NVIDIA Drivers" = NVIDIA Drivers
"Nvu_is1" = Nvu 1.0PR
"Oxyd® extra_is1" = Oxyd® extra v2.0
"SpeedFan" = SpeedFan (remove only)
"Terrain Navigator Standard Edition" = Terrain Navigator Standard Edition
"TopoFusion" = TopoFusion
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax Business 2010" = TurboTax Business 2010
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 8/9/2009 1:49:46 PM | Computer Name = DAVEDESKTOP | Source = avast! | ID = 33554522
Description =

Error - 8/10/2009 10:00:27 PM | Computer Name = DAVEDESKTOP | Source = avast! | ID = 33554522
Description =

Error - 1/28/2010 11:32:32 PM | Computer Name = DAVEDESKTOP | Source = avast! | ID = 33554522
Description =

Error - 1/28/2010 11:32:32 PM | Computer Name = DAVEDESKTOP | Source = avast! | ID = 33554522
Description =

Error - 2/1/2010 9:32:13 PM | Computer Name = DAVEDESKTOP | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 3/28/2011 1:14:52 AM | Computer Name = DAVEDESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application MyDefrag.exe, version 4.3.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/10/2011 4:19:50 PM | Computer Name = DAVEDESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6866.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/2/2011 1:17:04 PM | Computer Name = DAVEDESKTOP | Source = MsiInstaller | ID = 11500
Description = Product: Java™ 6 Update 25 -- Error 1500.Another installation is
in progress. You must complete that installation before continuing this one.

Error - 5/7/2011 1:31:33 AM | Computer Name = DAVEDESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application thunderbird.exe, version 1.9.2.4121, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/9/2011 7:20:24 PM | Computer Name = DAVEDESKTOP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 5/12/2011 9:40:18 PM | Computer Name = DAVEDESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2011 12:14:37 AM | Computer Name = DAVEDESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application thunderbird.exe, version 1.9.2.4121, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2011 12:18:25 AM | Computer Name = DAVEDESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2011 8:29:07 AM | Computer Name = DAVEDESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2011 1:00:43 PM | Computer Name = DAVEDESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.22.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/18/2011 11:14:01 AM | Computer Name = DAVEDESKTOP | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 5/18/2011 11:14:01 AM | Computer Name = DAVEDESKTOP | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 5/18/2011 11:14:01 AM | Computer Name = DAVEDESKTOP | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Western Digital\WD
SmartWare\WD Drive Manager\MFC80U.DLL. Reference error message: The operation completed
successfully. .

Error - 5/18/2011 11:14:26 AM | Computer Name = DAVEDESKTOP | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 5/18/2011 11:14:26 AM | Computer Name = DAVEDESKTOP | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 5/18/2011 11:14:26 AM | Computer Name = DAVEDESKTOP | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Western Digital\WD
SmartWare\WD Drive Manager\MFC80U.DLL. Reference error message: The operation completed
successfully. .

Error - 5/18/2011 11:14:26 AM | Computer Name = DAVEDESKTOP | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 5/18/2011 11:14:26 AM | Computer Name = DAVEDESKTOP | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 5/18/2011 11:14:26 AM | Computer Name = DAVEDESKTOP | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Western Digital\WD
SmartWare\WD Drive Manager\MFC80U.DLL. Reference error message: The operation completed
successfully. .

Error - 5/18/2011 11:14:46 AM | Computer Name = DAVEDESKTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Si3114r5


< End of report >
  • 0

#20
heir
Posted 19 May 2011 - 02:45 AM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Hey there, Fygar !

OK! Well done, your log is clean again! :)

Time for some housekeeping.

Step 1.
Clean up:

We need to do is to remove all the tools that you have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

First:
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
    Posted Image

Second:

Double-click OTL.exe to run it.
Click the Clean up button
Click Yes to the reboot.

Now delete any tools/logs that is left over after you ran OTL Cleanup.


Step 2.
Prevention:

OK, lets carry out a few preventative steps to make sure you reduce the risk of further infections.

First:
One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the Internet.
  • Click Apply then OK.


Second:
Now lets download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware
  • SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
.
Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.

Third:
Next lets look at Firewalls. These help to prevent unauthorized access both to and from the Internet or your local network. A firewall is considered a first line of defense in protecting private information. Below are two free firewalls to choose from, if you do not already have one. Note: You only need one firewall one your system.

Personal Firewalls
Fourth:
Nearly done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers
Lastly:
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.


I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!
  • 0

#21
heir
Posted 22 May 2011 - 09:33 AM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP