Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Pop ups using Firefox

Started by gt0279a , Jun 23 2011 07:30 PM

  • This topic is locked This topic is locked

#1
gt0279a
Posted 23 June 2011 - 07:30 PM

gt0279a

    New Member

  • Member
  • Pip
  • 8 posts
Hello there, I just noticed some random popups when going to regular websites such as google, etc.

I am using firefox on an XP machine. I found your website and ran the 'otl' program as instructed.

Please let me know what to do, thanks!

OTL logfile created on: 6/23/2011 9:19:56 PM - Run 3
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 677.25 Mb Available Physical Memory | 66.27% Memory free
2.41 Gb Paging File | 2.18 Gb Available in Paging File | 90.43% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 10.40 Gb Free Space | 13.97% Space Free | Partition Type: NTFS

Computer Name: DIM24OFFICE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/23 21:12:12 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/09/13 00:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/09/13 00:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/30 07:52:22 | 000,106,496 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2004/10/04 20:05:04 | 001,044,577 | ---- | M] () -- C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
PRC - [2004/09/25 01:37:42 | 001,691,648 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
PRC - [2002/09/04 17:11:04 | 000,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe
PRC - [1998/11/24 09:21:18 | 000,546,304 | ---- | M] (Brøderbund Software) -- C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE


========== Modules (SafeList) ==========

MOD - [2011/06/23 21:12:12 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Iomega Activity Disk2)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2008/01/30 07:52:22 | 000,106,496 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2003/03/10 01:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/09/04 17:11:04 | 000,073,728 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services)


========== Driver Services (SafeList) ==========

DRV - [2009/09/08 19:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctxusbm.sys -- (ctxusbm)
DRV - [2008/04/01 14:33:16 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\FlyUsb.sys -- (FlyUsb)
DRV - [2006/09/01 16:32:50 | 000,003,712 | ---- | M] (Logitech Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LBeepKE.sys -- (LBeepKE)
DRV - [2006/07/19 16:28:56 | 000,071,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouKE.Sys -- (LMouKE)
DRV - [2006/07/19 16:27:46 | 000,055,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042mou.Sys -- (L8042mou)
DRV - [2006/07/19 16:27:26 | 000,013,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/04/23 08:34:34 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\libusb0.sys -- (libusb0)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/04 19:57:16 | 000,379,488 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wg111nd5.sys -- (wg111nd5)
DRV - [2004/10/04 19:57:14 | 000,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/10/04 19:57:12 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/09/25 04:39:08 | 000,289,792 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2004/09/25 04:38:32 | 000,023,936 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2004/09/25 04:32:40 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/09/25 04:29:52 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/09/25 04:29:50 | 000,141,184 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/09/25 04:26:40 | 000,200,832 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2004/09/25 04:26:28 | 000,023,808 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2004/09/25 04:23:16 | 000,117,632 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2004/07/16 04:24:34 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS -- (Aspi32)
DRV - [2004/03/08 15:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/08/29 07:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/06/30 21:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/05/01 17:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CVirtA.sys -- (CVirtA)
DRV - [2002/09/04 17:11:08 | 000,030,258 | ---- | M] (Iomega Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys -- (iomdisk)
DRV - [2001/08/22 11:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1659004503-1708537768-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1659004503-1708537768-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1659004503-1708537768-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1659004503-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1659004503-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.startup.homepage: "www.altavista.com"
FF - prefs.js..extensions.enabledItems: {5D558C43-550F-4b12-84AB-0D8ABDA9F975}:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2


FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/27 10:07:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/27 10:07:45 | 000,000,000 | ---D | M]

[2009/03/20 23:58:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/03/27 10:08:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qh6vn9pf.default\extensions
[2010/07/30 10:14:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qh6vn9pf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/21 09:38:07 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qh6vn9pf.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011/03/21 09:38:05 | 000,000,000 | ---D | M] (ViewInFirefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qh6vn9pf.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}
[2011/03/27 10:07:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/09/12 10:18:19 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOVE NETWORKS
[2009/05/19 20:20:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/09/13 00:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll
[2009/09/13 00:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2009/09/13 00:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2009/09/13 00:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2009/11/23 13:49:46 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/09/13 00:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2009/09/13 00:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKLM\..\Toolbar: (ImageShack Toolbar) - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll (ImageShack Corp.)
O3 - HKU\S-1-5-21-1659004503-1708537768-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1659004503-1708537768-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1659004503-1708537768-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE (Brøderbund Software)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe (Roxio)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems Nike VPN Client.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-1708537768-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1659004503-1708537768-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1659004503-1708537768-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1659004503-1708537768-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Open Link Target in Firefox - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qh6vn9pf.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html ()
O8 - Extra context menu item: Post Image to Blog - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll (ImageShack Corp.)
O8 - Extra context menu item: Tag This Image - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll (ImageShack Corp.)
O8 - Extra context menu item: Transload Image to ImageShack - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll (ImageShack Corp.)
O8 - Extra context menu item: Upload All Images to ImageShack - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll (ImageShack Corp.)
O8 - Extra context menu item: Upload Image to ImageShack - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll (ImageShack Corp.)
O8 - Extra context menu item: View This Page in Firefox - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qh6vn9pf.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (SysData Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} http://toolbar.image...hackToolbar.cab (ImageShack Toolbar)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1120960331984 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Dell.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/05 23:33:25 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{32da253d-5ce5-11dd-93b3-000fb591a26f}\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDEULA.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1659004503-1708537768-839522115-1003\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-1659004503-1708537768-839522115-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/23 21:12:07 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/23 20:54:14 | 000,645,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTS.exe
[2011/06/23 20:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Adobe.Creative.Suite.Premium.2.crack
[2011/06/19 10:55:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/06 13:18:12 | 000,747,008 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\Indeo4.qtx
[2011/06/06 13:18:12 | 000,596,992 | ---- | C] (Apple Computer, Inc.) -- C:\WINDOWS\System32\rave.dll
[2011/06/06 13:18:12 | 000,253,952 | ---- | C] (Apple Computer, Inc.) -- C:\WINDOWS\System32\QD3D_IR2.q3x
[2011/06/06 13:18:12 | 000,202,240 | ---- | C] (Apple Computer, Inc.) -- C:\WINDOWS\System32\QuickTime.cpl
[2011/06/06 13:18:12 | 000,126,976 | ---- | C] (Apple Computer, Inc.) -- C:\WINDOWS\System32\3DViewer.dll
[2011/06/06 13:18:12 | 000,044,032 | ---- | C] (Apple Computer, Inc.) -- C:\WINDOWS\System32\QD3DCustomElements.q3x
[2011/06/06 13:18:11 | 002,124,288 | ---- | C] (Apple Computer, Inc.) -- C:\WINDOWS\System32\QuickTimeMusicalInstruments.qtx
[2011/06/06 13:18:11 | 000,969,216 | ---- | C] (Apple Computer Inc.) -- C:\WINDOWS\System32\qd3d.dll
[2011/06/06 13:17:12 | 000,299,008 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2011/06/03 13:06:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Disney Interactive
[2011/06/03 13:06:34 | 000,000,000 | ---D | C] -- C:\DISNEY
[2011/06/02 13:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Creative Wonders
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/23 21:17:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/23 21:17:35 | 1071,714,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/23 21:12:12 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/23 20:54:14 | 000,645,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTS.exe
[2011/06/23 20:44:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/23 20:40:21 | 000,159,085 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Adobe.Creative.Suite.Premium.2.crack.zip
[2011/06/23 15:15:55 | 000,000,522 | ---- | M] () -- C:\hpfr3420.xml
[2011/06/19 10:56:49 | 000,563,166 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/19 10:56:49 | 000,120,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/19 10:42:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/09 19:03:40 | 000,159,075 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\groupon.pdf
[2011/06/07 14:14:57 | 000,001,835 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Puzzle Play Dot-to-Dots.lnk
[2011/06/06 13:21:04 | 000,000,292 | ---- | M] () -- C:\WINDOWS\EReg077.dat
[2011/06/04 23:56:27 | 001,584,947 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IMG_0598.JPG
[2011/06/04 23:56:18 | 001,216,301 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IMG_0597.JPG
[2011/06/04 23:56:05 | 001,214,782 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IMG_0596.JPG
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/23 20:40:20 | 000,159,085 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Adobe.Creative.Suite.Premium.2.crack.zip
[2011/06/09 19:03:40 | 000,159,075 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\groupon.pdf
[2011/06/07 14:14:57 | 000,001,835 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Puzzle Play Dot-to-Dots.lnk
[2011/06/04 23:56:27 | 001,584,947 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IMG_0598.JPG
[2011/06/04 23:56:18 | 001,216,301 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IMG_0597.JPG
[2011/06/04 23:56:05 | 001,214,782 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IMG_0596.JPG
[2011/06/02 13:32:26 | 000,000,292 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2010/12/07 15:35:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/03 12:40:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2010/07/11 19:09:44 | 000,287,444 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/04 20:56:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LauncherAccess.dt
[2009/07/16 08:52:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2009/05/10 21:40:38 | 000,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/10 21:40:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/10 21:40:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/10 21:40:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2007/09/20 23:09:04 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
[2007/06/14 00:13:03 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2007/06/14 00:13:03 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2007/04/22 14:10:31 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\CDVPreviewEx.dll
[2007/01/19 00:06:43 | 000,000,040 | ---- | C] () -- C:\WINDOWS\smartvideoconverter.ini
[2007/01/12 21:08:31 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2007/01/12 21:08:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/11 21:19:45 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/11/04 15:41:17 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/11/04 15:41:16 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/07/08 22:46:29 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2006/04/15 22:20:01 | 000,470,460 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\imageCache7.db
[2006/04/14 12:36:33 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
[2006/02/26 02:18:45 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/02/10 05:10:03 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/02/04 03:23:37 | 000,003,495 | -H-- | C] () -- C:\WINDOWS\hpothb07.dat
[2006/01/27 15:52:41 | 000,046,345 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2005/12/26 19:23:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/10/09 22:43:05 | 000,036,734 | ---- | C] () -- C:\WINDOWS\System32\OggDSuninst.exe
[2005/08/18 22:38:54 | 003,423,744 | ---- | C] () -- C:\WINDOWS\System32\libfilefmt-1.1.0.dll
[2005/08/18 22:38:54 | 000,706,048 | ---- | C] () -- C:\WINDOWS\System32\libmcl-3.1.1.dll
[2005/08/18 22:38:54 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.2.0.dll
[2005/06/24 02:57:22 | 000,000,121 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2005/05/11 03:05:27 | 000,105,168 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2005/05/05 23:30:46 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/05/05 02:41:21 | 000,021,312 | ---- | C] () -- C:\WINDOWS\choice.exe
[2005/05/04 01:03:28 | 000,000,335 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2005/05/04 00:29:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/02 22:35:18 | 000,207,872 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/05/02 21:21:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/02 21:01:37 | 000,017,566 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/05/02 20:09:38 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2005/05/02 18:12:57 | 000,139,280 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/05/02 18:00:56 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/05/02 18:00:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/05/02 16:45:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/05/02 16:36:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/05/02 09:26:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/02 09:25:42 | 001,059,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/22 14:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/02 17:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 16:41:25 | 000,563,166 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,120,128 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/10 01:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/10/06 15:42:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 20:04:26 | 001,060,864 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 20:04:26 | 000,909,312 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 20:04:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/05/04 09:19:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\avisynthEx.dll
[2001/05/03 02:32:55 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\RemoveFiles.exe
[1997/08/23 14:33:24 | 000,022,056 | ---- | C] () -- C:\WINDOWS\System32\tntlvr.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34

< End of report >
  • 0

Advertisements

#2
gt0279a
Posted 24 June 2011 - 05:44 PM

gt0279a

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Just got a popup on my desktop that a file could not execute because of " blaster32.worm "
  • 0

#3
maliprog
Posted 28 June 2011 - 01:42 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello gt0279a and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE (Brøderbund Software)
    O8 - Extra context menu item: Open Link Target in Firefox - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qh6vn9pf.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html ()
    O8 - Extra context menu item: View This Page in Firefox - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qh6vn9pf.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html ()
    O33 - MountPoints2\{32da253d-5ce5-11dd-93b3-000fb591a26f}\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDEULA.exe
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O37 - HKU\S-1-5-21-1659004503-1708537768-839522115-1003\...com [@ = ComFile] -- Reg Error: Key error. File not found
    O37 - HKU\S-1-5-21-1659004503-1708537768-839522115-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 3

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Confirm deletion to all infection AVP finds
Once it has finished select report and post that.

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
  • AVPTool log
It would be helpful if you could post each log in separate post
  • 0

#4
gt0279a
Posted 28 June 2011 - 07:05 PM

gt0279a

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OTL would start and then disappear so I had to do it in safe mode.

After rebooting, the computer will not let me run the step 2 malware program, so I will have to run that in safe mode as well.

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DSS deleted successfully.
C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Link Target in Firefox\ deleted successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qh6vn9pf.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\View This Page in Firefox\ deleted successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qh6vn9pf.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32da253d-5ce5-11dd-93b3-000fb591a26f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32da253d-5ce5-11dd-93b3-000fb591a26f}\ not found.
File F:\wd_windows_tools\WDEULA.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
G:\LaunchU3.exe moved successfully.
Registry key HKEY_USERS\S-1-5-21-1659004503-1708537768-839522115-1003_Classes\.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1659004503-1708537768-839522115-1003_Classes\ComFile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1659004503-1708537768-839522115-1003_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1659004503-1708537768-839522115-1003_Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
File rity] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.24.1 log created on 06282011_210251

Edited by gt0279a, 28 June 2011 - 07:09 PM.

  • 0

#5
gt0279a
Posted 28 June 2011 - 07:46 PM

gt0279a

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Ok, so the computer is back so I don't have to go in safe mode, thanks!

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.11

6/28/2011 9:38:39 PM
mbam-log-2011-06-28 (21-38-39).txt

Scan type: Quick scan
Objects scanned: 234475
Time elapsed: 10 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Security Protection (Trojan.FakeAlert) -> Value: Security Protection -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Owner\local settings\temp\aexnd64y.exe.part (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\all users.windows\application data\defender.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  • 0

#6
gt0279a
Posted 28 June 2011 - 08:14 PM

gt0279a

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
AVPTool log:

Autoscan: stopped 10 minutes ago (events: 5, objects: 878, time: 00:10:10)
6/28/2011 9:52:14 PM Task started
6/28/2011 9:52:24 PM Detected: MEM:Rootkit.Win32.TDSS.fa Unknown application
6/28/2011 9:53:23 PM Cannot be backed up: MEM:Rootkit.Win32.TDSS.fa Unknown application
6/28/2011 10:01:55 PM Detected: MEM:Rootkit.Win32.TDSS.fa System Memory
6/28/2011 10:02:26 PM Task stopped
Disinfect active threats: completed 5 minutes ago (events: 10, objects: 3011, time: 00:04:21)
6/28/2011 10:02:26 PM Task started
6/28/2011 10:02:27 PM Detected: MEM:Rootkit.Win32.TDSS.fa System Memory
6/28/2011 10:02:28 PM Disinfected: MEM:Rootkit.Win32.TDSS.fa System Memory
6/28/2011 10:02:28 PM Disinfected: MEM:Rootkit.Win32.TDSS.fa System Memory
6/28/2011 10:03:38 PM Detected: MEM:Rootkit.Win32.TDSS.fc Unknown application
6/28/2011 10:04:26 PM Cannot be backed up: MEM:Rootkit.Win32.TDSS.fc Unknown application
6/28/2011 10:06:14 PM Detected: Rootkit.Win32.TDSS.mbr \Device\Harddisk0\DR0
6/28/2011 10:06:42 PM Disinfected: Rootkit.Win32.TDSS.mbr \Device\Harddisk0\DR0
6/28/2011 10:06:45 PM Disinfected: Rootkit.Win32.TDSS.mbr \Device\Harddisk0\DR0
6/28/2011 10:06:47 PM Task completed
  • 0

#7
maliprog
Posted 28 June 2011 - 11:06 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi gt0279a,

Looks like we removed main infection. How is your system now? Problems?

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in separate post
  • 0

#8
gt0279a
Posted 29 June 2011 - 07:40 PM

gt0279a

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Everything seems to be ok so far, thanks.

2011/06/29 21:37:34.0703 3284 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/06/29 21:37:35.0140 3284 ================================================================================
2011/06/29 21:37:35.0140 3284 SystemInfo:
2011/06/29 21:37:35.0140 3284
2011/06/29 21:37:35.0140 3284 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/29 21:37:35.0140 3284 Product type: Workstation
2011/06/29 21:37:35.0140 3284 ComputerName: DIM24OFFICE
2011/06/29 21:37:35.0140 3284 UserName: Owner
2011/06/29 21:37:35.0140 3284 Windows directory: C:\WINDOWS
2011/06/29 21:37:35.0140 3284 System windows directory: C:\WINDOWS
2011/06/29 21:37:35.0140 3284 Processor architecture: Intel x86
2011/06/29 21:37:35.0140 3284 Number of processors: 1
2011/06/29 21:37:35.0140 3284 Page size: 0x1000
2011/06/29 21:37:35.0140 3284 Boot type: Normal boot
2011/06/29 21:37:35.0140 3284 ================================================================================
2011/06/29 21:37:36.0390 3284 Initialize success
2011/06/29 21:37:49.0484 0856 ================================================================================
2011/06/29 21:37:49.0484 0856 Scan started
2011/06/29 21:37:49.0484 0856 Mode: Manual;
2011/06/29 21:37:49.0484 0856 ================================================================================
2011/06/29 21:37:50.0250 0856 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/06/29 21:37:51.0046 0856 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/29 21:37:51.0328 0856 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/29 21:37:51.0843 0856 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/06/29 21:37:52.0140 0856 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/29 21:37:52.0437 0856 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/06/29 21:37:52.0734 0856 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/06/29 21:37:53.0046 0856 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/06/29 21:37:54.0593 0856 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/29 21:37:55.0640 0856 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
2011/06/29 21:37:55.0953 0856 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/29 21:37:56.0250 0856 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/29 21:37:56.0796 0856 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/29 21:37:57.0078 0856 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/29 21:37:57.0390 0856 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2011/06/29 21:37:57.0703 0856 bcm4sbxp (b60f57b4d9cdbc663cc03eb8af7ec34e) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/06/29 21:37:58.0015 0856 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
2011/06/29 21:37:58.0312 0856 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/29 21:37:58.0890 0856 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/29 21:37:59.0203 0856 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/29 21:37:59.0765 0856 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/29 21:38:00.0062 0856 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/29 21:38:00.0406 0856 Cdr4_xp (681a83e2b0ae8ab723a98a42edb7629a) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/06/29 21:38:00.0687 0856 Cdralw2k (8732a257f57aaa718f0c587cf5d0b430) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/06/29 21:38:00.0984 0856 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
2011/06/29 21:38:01.0531 0856 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/29 21:38:01.0828 0856 cdudf_xp (65a9c15050c06829c8d907dbd39c13e1) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2011/06/29 21:38:02.0953 0856 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
2011/06/29 21:38:03.0250 0856 CVirtA (cb7d7c0e74adcb7da96d08ec8db86062) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2011/06/29 21:38:04.0046 0856 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/29 21:38:04.0375 0856 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/29 21:38:04.0703 0856 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/29 21:38:04.0953 0856 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/29 21:38:05.0265 0856 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/29 21:38:05.0812 0856 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/29 21:38:06.0109 0856 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/06/29 21:38:06.0421 0856 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/06/29 21:38:06.0703 0856 DVDVRRdr_xp (668ffa03397aa70aae3bff2c81775a59) C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
2011/06/29 21:38:07.0000 0856 dvd_2K (240ea965412f5db3a6e587700c1fe4ea) C:\WINDOWS\system32\drivers\dvd_2K.sys
2011/06/29 21:38:07.0343 0856 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/29 21:38:07.0656 0856 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/29 21:38:07.0937 0856 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/29 21:38:08.0234 0856 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/29 21:38:08.0531 0856 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/29 21:38:08.0843 0856 FlyUsb (8efa9bfc940d9eb9348d9dafb839fe25) C:\WINDOWS\system32\DRIVERS\FlyUsb.sys
2011/06/29 21:38:09.0109 0856 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/29 21:38:09.0359 0856 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/29 21:38:09.0640 0856 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/29 21:38:09.0937 0856 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/29 21:38:10.0250 0856 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/29 21:38:10.0812 0856 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/29 21:38:11.0109 0856 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/29 21:38:11.0390 0856 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/29 21:38:11.0687 0856 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/29 21:38:12.0500 0856 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/29 21:38:12.0812 0856 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/06/29 21:38:13.0140 0856 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/29 21:38:13.0718 0856 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/29 21:38:14.0015 0856 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/29 21:38:14.0312 0856 iomdisk (9d7069d72c0c72952f05e1688a5ae89d) C:\WINDOWS\system32\DRIVERS\iomdisk.sys
2011/06/29 21:38:14.0625 0856 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/29 21:38:14.0906 0856 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/29 21:38:15.0203 0856 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/29 21:38:15.0500 0856 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/29 21:38:15.0812 0856 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/29 21:38:16.0109 0856 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/29 21:38:16.0406 0856 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/29 21:38:16.0718 0856 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/29 21:38:17.0015 0856 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/29 21:38:17.0312 0856 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/29 21:38:17.0609 0856 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/29 21:38:17.0921 0856 L8042Kbd (0f5ae6805ef05dbbe205e5b196cadf31) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2011/06/29 21:38:18.0218 0856 L8042mou (ee1c6c057a83f93ad9ae7cdf12f0baa0) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
2011/06/29 21:38:18.0531 0856 LBeepKE (17638894e150efee66d97bce8f037519) C:\WINDOWS\system32\Drivers\LBeepKE.sys
2011/06/29 21:38:19.0359 0856 libusb0 (d1598203b19b4922531a8bd6811547f7) C:\WINDOWS\system32\DRIVERS\libusb0.sys
2011/06/29 21:38:19.0671 0856 LMouKE (d1fd76ea56cd653d7b55a0fac96ee416) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2011/06/29 21:38:19.0953 0856 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
2011/06/29 21:38:20.0281 0856 mmc_2K (26a06fb2315ad15613420054107be520) C:\WINDOWS\system32\drivers\mmc_2K.sys
2011/06/29 21:38:20.0562 0856 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/29 21:38:20.0875 0856 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/29 21:38:21.0156 0856 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/06/29 21:38:21.0468 0856 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/29 21:38:21.0781 0856 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/29 21:38:22.0093 0856 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/29 21:38:22.0671 0856 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/29 21:38:23.0000 0856 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/29 21:38:23.0375 0856 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2011/06/29 21:38:23.0703 0856 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/29 21:38:24.0000 0856 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/29 21:38:24.0296 0856 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/29 21:38:24.0593 0856 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/29 21:38:24.0875 0856 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/29 21:38:25.0171 0856 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/29 21:38:25.0484 0856 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/29 21:38:25.0781 0856 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/29 21:38:26.0078 0856 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/29 21:38:26.0390 0856 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/29 21:38:26.0671 0856 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/29 21:38:26.0968 0856 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/29 21:38:27.0250 0856 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/29 21:38:27.0546 0856 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/29 21:38:27.0828 0856 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/29 21:38:28.0156 0856 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/29 21:38:28.0500 0856 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/29 21:38:28.0812 0856 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/29 21:38:29.0125 0856 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/29 21:38:29.0437 0856 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/29 21:38:29.0718 0856 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/29 21:38:30.0000 0856 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/29 21:38:30.0296 0856 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/29 21:38:30.0578 0856 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/06/29 21:38:30.0890 0856 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/29 21:38:31.0187 0856 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/29 21:38:31.0468 0856 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/29 21:38:31.0750 0856 PCANDIS5 (58c5ea3de400fe1d08cfeca6d5c14ebd) C:\WINDOWS\system32\PCANDIS5.SYS
2011/06/29 21:38:32.0046 0856 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/29 21:38:32.0593 0856 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/29 21:38:32.0875 0856 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/29 21:38:34.0734 0856 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/29 21:38:35.0031 0856 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/29 21:38:35.0343 0856 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/29 21:38:35.0609 0856 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/29 21:38:35.0906 0856 pwd_2k (55b943f509ed863b86e685aee1445890) C:\WINDOWS\system32\drivers\pwd_2k.sys
2011/06/29 21:38:36.0203 0856 PxHelp20 (183ef96bcc2ec3d5294cb2c2c0ecbcd1) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/29 21:38:37.0734 0856 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/29 21:38:38.0031 0856 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/29 21:38:38.0312 0856 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/29 21:38:38.0578 0856 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/29 21:38:38.0875 0856 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/29 21:38:39.0187 0856 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/29 21:38:39.0500 0856 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/29 21:38:39.0828 0856 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/29 21:38:40.0156 0856 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
2011/06/29 21:38:40.0484 0856 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/29 21:38:40.0796 0856 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/29 21:38:41.0093 0856 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/29 21:38:41.0406 0856 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/29 21:38:41.0968 0856 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/29 21:38:42.0281 0856 smwdm (31fd0707c7dbe715234f2823b27214fe) C:\WINDOWS\system32\drivers\smwdm.sys
2011/06/29 21:38:42.0593 0856 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/06/29 21:38:43.0140 0856 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/29 21:38:43.0468 0856 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/29 21:38:43.0781 0856 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/29 21:38:44.0093 0856 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/06/29 21:38:44.0406 0856 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/06/29 21:38:44.0718 0856 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/29 21:38:45.0015 0856 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/29 21:38:45.0328 0856 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/29 21:38:46.0625 0856 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/29 21:38:46.0937 0856 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/29 21:38:47.0265 0856 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/29 21:38:47.0562 0856 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/29 21:38:47.0859 0856 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/29 21:38:48.0171 0856 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/06/29 21:38:48.0500 0856 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/06/29 21:38:48.0796 0856 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/06/29 21:38:49.0093 0856 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys
2011/06/29 21:38:49.0406 0856 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/06/29 21:38:49.0703 0856 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/06/29 21:38:50.0015 0856 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/06/29 21:38:50.0328 0856 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/06/29 21:38:50.0625 0856 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/06/29 21:38:51.0187 0856 UDFReadr (e3f66ac25ac2a0b7fda19df4651def82) C:\WINDOWS\system32\drivers\UDFReadr.sys
2011/06/29 21:38:51.0515 0856 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/29 21:38:52.0093 0856 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/29 21:38:52.0437 0856 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/06/29 21:38:52.0734 0856 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/29 21:38:53.0015 0856 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/29 21:38:53.0328 0856 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/29 21:38:53.0625 0856 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/29 21:38:53.0921 0856 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/29 21:38:54.0218 0856 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/29 21:38:54.0515 0856 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/29 21:38:54.0796 0856 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/29 21:38:55.0406 0856 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/29 21:38:55.0953 0856 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/29 21:38:56.0515 0856 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/29 21:38:56.0828 0856 wg111nd5 (5dc04e2badf701d7a9d00365b623df2f) C:\WINDOWS\system32\DRIVERS\wg111nd5.sys
2011/06/29 21:38:57.0203 0856 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/06/29 21:38:57.0531 0856 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/29 21:38:57.0843 0856 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/29 21:38:58.0140 0856 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/29 21:38:58.0546 0856 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/06/29 21:38:58.0890 0856 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/06/29 21:38:58.0953 0856 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/29 21:38:59.0125 0856 Boot (0x1200) (68ebe2cd5efd6804536fbacc6d1ee771) \Device\Harddisk0\DR0\Partition0
2011/06/29 21:38:59.0140 0856 ================================================================================
2011/06/29 21:38:59.0140 0856 Scan finished
2011/06/29 21:38:59.0140 0856 ================================================================================
2011/06/29 21:38:59.0171 1212 Detected object count: 0
2011/06/29 21:38:59.0171 1212 Actual detected object count: 0
  • 0

#9
gt0279a
Posted 29 June 2011 - 09:04 PM

gt0279a

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-29 21:40:20
-----------------------------
21:40:20.359 OS Version: Windows 5.1.2600 Service Pack 3
21:40:20.359 Number of processors: 1 586 0x209
21:40:20.359 ComputerName: DIM24OFFICE UserName: Owner
21:40:20.906 Initialize success
21:41:24.250 AVAST engine defs: 11062900
21:41:33.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:41:33.593 Disk 0 Vendor: ST380011A 3.16 Size: 76293MB BusType: 3
21:41:35.625 Disk 0 MBR read successfully
21:41:35.625 Disk 0 MBR scan
21:41:35.625 Disk 0 Windows XP default MBR code
21:41:37.671 Disk 0 scanning sectors +156232125
21:41:37.687 Disk 0 scanning C:\WINDOWS\system32\drivers
21:41:54.203 Service scanning
21:41:55.234 Disk 0 trace - called modules:
21:41:55.265 ntoskrnl.exe CLASSPNP.SYS disk.sys iomdisk.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:41:55.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f5fab8]
21:41:55.265 3 CLASSPNP.SYS[f7545fd7] -> nt!IofCallDriver -> [0x86f85d78]
21:41:55.265 5 iomdisk.sys[f777dbc3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f8db00]
21:41:56.234 AVAST engine scan C:\WINDOWS
22:34:45.265 AVAST engine scan C:\Documents and Settings\Owner
22:47:16.875 File: C:\Documents and Settings\Owner\Desktop\Macshare\Alias.SketchBook.Pro.v2-ARN\Alias.SketchBook.Pro.v2-ARN\arn-nfo.exe **INFECTED** Win32:Malware-gen
23:04:23.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
23:04:23.015 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
  • 0

#10
maliprog
Posted 29 June 2011 - 11:01 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi gt0279a,

Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0

#11
maliprog
Posted 04 July 2011 - 02:44 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP