my debit card info was compromised and i'd like to make sure my co - Geeks to Go Forums

Jump to content

Log in Register Register Malware removal guide How it works

my debit card info was compromised and i'd like to make sure my co

#1 adifrank

  • Group: Member
  • Posts: 148
  • Joined: 04-May 08

Posted 20 April 2012 - 09:11 PM

Yesterday someone made several purchases totaling around $2000 using my debit card information. The good news is that my bank will be refunding the stolen money, my card has been canceled and I'll be issued a new one shortly. But I'm now concerned about how this person or persons obtained my card info. Possibly through some sort of card reader inserted in an ATM machine slot, which I've heard is done sometimes. Possibly my credit card info is in some data base which was hacked. Yet another option is that my computer is infected with something that has been monitoring my online shopping. I don't have much control over the first two options, but I'd definitely like to make sure my 2 laptops are clean. Otherwise, having a new card won't do much good.

I'll start with the laptop I use most. It's a an HP Pavilion g4-1117dx notebook.

below is the OTL logfile. I look forward to your help which has always been great! Thanks!


OTL logfile created on: 20/04/2012 22:56:31 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\IllTellYouLater\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.48 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 47.80% Memory free
6.96 Gb Paging File | 4.87 Gb Available in Paging File | 70.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.07 Gb Total Space | 130.36 Gb Free Space | 45.89% Space Free | Partition Type: NTFS
Drive D: | 13.72 Gb Total Space | 1.53 Gb Free Space | 11.18% Space Free | Partition Type: NTFS

Computer Name: HUMIT | User Name: IllTellYouLater | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/20 22:55:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\IllTellYouLater\Desktop\OTL.exe
PRC - [2012/03/30 16:00:44 | 000,161,336 | ---- | M] (Google) -- C:\Users\IllTellYouLater\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/03/17 19:17:20 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/14 19:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\IllTellYouLater\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/07/05 17:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/06/14 17:11:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/06/14 14:29:22 | 000,587,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/06/14 14:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/06/13 16:47:12 | 000,336,440 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/03/22 14:42:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/01/13 22:27:26 | 001,751,656 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/11/10 19:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
PRC - [2010/04/28 22:28:18 | 003,727,411 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files (x86)\Free Download Manager\fdm.exe
PRC - [2010/04/23 15:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/17 19:17:20 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/16 20:23:42 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010/11/10 19:39:08 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\controly.dll
MOD - [2010/11/10 19:39:00 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\calcy.dll
MOD - [2010/11/10 19:38:52 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\gcalc.dll
MOD - [2010/11/10 19:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
MOD - [2010/11/10 19:38:40 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\runner.dll
MOD - [2010/11/10 19:38:24 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\weby.dll
MOD - [2010/11/10 19:38:08 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\verby.dll
MOD - [2009/12/17 00:18:48 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Launchy\imageformats\qmng4.dll
MOD - [2009/12/16 22:13:02 | 008,314,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtGui4.dll
MOD - [2009/12/16 21:56:22 | 000,712,704 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtNetwork4.dll
MOD - [2009/12/16 21:54:46 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtCore4.dll
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/12/30 01:03:26 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\iefdm2.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2007/12/06 04:50:44 | 000,401,408 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\FUM\fumcore.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/15 19:12:12 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/07/05 11:27:04 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/06/06 14:23:18 | 006,438,264 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/12/17 07:41:36 | 000,276,992 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/07/05 17:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/14 17:11:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/06/14 14:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/01/13 22:27:26 | 001,751,656 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 16:56:08 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012/01/18 16:56:06 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2011/09/15 19:51:12 | 010,206,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/15 18:38:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/09/12 13:47:05 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/12 13:44:49 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/09/12 13:44:49 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/09/12 13:44:49 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/09/12 13:43:46 | 001,145,960 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/17 12:10:48 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2011/03/17 12:10:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011/03/17 12:10:34 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/12 20:10:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/12/17 07:41:36 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/11/30 18:02:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 12:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/02 15:29:08 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioMobilePre.sys -- (MAUSBMOBILEPRE)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{35CEFA14-9662-4F9D-A8EA-0B77B42F1EFC}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{35CEFA14-9662-4F9D-A8EA-0B77B42F1EFC}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{35CEFA14-9662-4F9D-A8EA-0B77B42F1EFC}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGHP_enUS461
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?refresh=1"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\IllTellYouLater\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\IllTellYouLater\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\IllTellYouLater\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\IllTellYouLater\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/09/12 19:51:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/09/12 19:52:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/17 19:17:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/09/12 13:04:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IllTellYouLater\AppData\Roaming\Mozilla\Extensions
[2012/04/06 21:53:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IllTellYouLater\AppData\Roaming\Mozilla\Firefox\Profiles\4i4k21su.default\extensions
[2012/01/06 00:30:11 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\IllTellYouLater\AppData\Roaming\Mozilla\Firefox\Profiles\4i4k21su.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012/03/03 10:02:51 | 000,000,000 | ---D | M] (WOT) -- C:\Users\IllTellYouLater\AppData\Roaming\Mozilla\Firefox\Profiles\4i4k21su.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/03/13 08:07:33 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\IllTellYouLater\AppData\Roaming\Mozilla\Firefox\Profiles\4i4k21su.default\extensions\foxmarks@kei.com
[2012/03/17 19:17:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\ILLTELLYOULATER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4I4K21SU.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- C:\USERS\ILLTELLYOULATER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4I4K21SU.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\ILLTELLYOULATER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4I4K21SU.DEFAULT\EXTENSIONS\{53A03D43-5363-4669-8190-99061B2DEBA5}.XPI
() (No name found) -- C:\USERS\ILLTELLYOULATER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4I4K21SU.DEFAULT\EXTENSIONS\{5C46D283-ABDE-4DCE-B83C-08881401921C}.XPI
() (No name found) -- C:\USERS\ILLTELLYOULATER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4I4K21SU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ILLTELLYOULATER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4I4K21SU.DEFAULT\EXTENSIONS\{DD3D7613-0246-469D-BC65-2A3CC1668ADC}.XPI
() (No name found) -- C:\USERS\ILLTELLYOULATER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4I4K21SU.DEFAULT\EXTENSIONS\DENDZONES@CAPTAINCAVEMAN.NL.XPI
() (No name found) -- C:\USERS\ILLTELLYOULATER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4I4K21SU.DEFAULT\EXTENSIONS\HARDREFRESH@TTG.ORG.XPI
() (No name found) -- C:\USERS\ILLTELLYOULATER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4I4K21SU.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
[2012/03/17 19:17:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/12 09:13:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/12 09:13:49 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\IllTellYouLater\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\IllTellYouLater\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\IllTellYouLater\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\IllTellYouLater\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\IllTellYouLater\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\IllTellYouLater\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Adblock Plus (Beta) = C:\Users\IllTellYouLater\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Maps = C:\Users\IllTellYouLater\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.3_0\

O1 HOSTS File: ([2011/09/12 22:14:13 | 000,001,128 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Epson Stylus NX510(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_S3FFF.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\IllTellYouLater\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\IllTellYouLater\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0031F778-382B-4420-B9D4-7EC307794A72}: DhcpNameServer = 167.206.254.2 167.206.254.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88F89FF6-917E-405D-96EB-80604DC92700}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/20 22:55:21 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\IllTellYouLater\Desktop\OTL.exe
[2012/04/17 21:33:17 | 000,000,000 | ---D | C] -- C:\HP_TOOLS_mountHPSF
[2012/04/15 13:23:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker
[2012/04/14 21:49:31 | 000,000,000 | ---D | C] -- C:\Users\IllTellYouLater\Desktop\EDITED OFFLINE
[2012/04/14 16:49:27 | 000,000,000 | ---D | C] -- C:\Users\IllTellYouLater\Desktop\james_pants-james_pants-2011-fnt_-_www.0daymusic.org
[2012/04/14 09:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/04/08 22:29:41 | 000,000,000 | ---D | C] -- C:\Users\IllTellYouLater\Documents\2012_04_Keren Text Experiment
[2012/04/08 01:09:53 | 000,000,000 | ---D | C] -- C:\Users\IllTellYouLater\Desktop\rea disk
[2012/03/24 15:30:14 | 000,000,000 | ---D | C] -- C:\Users\IllTellYouLater\Desktop\Broken Kafabe Text for SVA exhibition
[2012/03/22 22:58:22 | 000,000,000 | ---D | C] -- C:\Users\IllTellYouLater\AppData\Roaming\Process Hacker 2
[2012/03/22 22:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2012/03/22 22:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2

========== Files - Modified Within 30 Days ==========

[2012/04/20 22:55:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\IllTellYouLater\Desktop\OTL.exe
[2012/04/20 22:34:55 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/20 22:34:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/20 22:11:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1582911838-98252532-686483567-1002UA.job
[2012/04/20 20:47:52 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/20 20:47:52 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/20 20:44:53 | 000,782,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/20 20:44:53 | 000,662,658 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/20 20:44:53 | 000,122,454 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/20 20:44:05 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/20 20:40:07 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/20 20:39:43 | 2801,979,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/20 01:11:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1582911838-98252532-686483567-1002Core.job
[2012/04/17 22:37:08 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForIllTellYouLater.job
[2012/04/15 14:07:49 | 007,466,716 | ---- | M] () -- C:\Users\IllTellYouLater\Desktop\120415_TextTest_01_Fonts.pdf
[2012/04/15 13:23:42 | 000,001,192 | ---- | M] () -- C:\Users\IllTellYouLater\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk
[2012/04/14 15:13:12 | 000,002,440 | ---- | M] () -- C:\Users\IllTellYouLater\Desktop\Google Chrome.lnk
[2012/04/14 09:55:22 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/04/12 00:44:06 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHUMIT$.job
[2012/04/07 15:35:48 | 000,074,582 | ---- | M] () -- C:\Users\IllTellYouLater\Desktop\111016_script_sva.odt
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/25 21:40:09 | 000,072,698 | ---- | M] () -- C:\Users\IllTellYouLater\Desktop\120324_script_sva.odt
[2012/03/22 22:58:54 | 000,001,885 | ---- | M] () -- C:\Users\IllTellYouLater\Desktop\Process Hacker 2.lnk
[2012/03/22 22:38:57 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2012/04/15 14:07:43 | 007,466,716 | ---- | C] () -- C:\Users\IllTellYouLater\Desktop\120415_TextTest_01_Fonts.pdf
[2012/04/15 13:23:42 | 000,001,192 | ---- | C] () -- C:\Users\IllTellYouLater\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk
[2012/04/14 09:55:22 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/03/24 16:09:30 | 000,072,698 | ---- | C] () -- C:\Users\IllTellYouLater\Desktop\120324_script_sva.odt
[2012/03/22 22:54:46 | 000,001,885 | ---- | C] () -- C:\Users\IllTellYouLater\Desktop\Process Hacker 2.lnk
[2012/03/03 18:03:17 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2012/02/26 20:40:15 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/12/09 03:36:31 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\Msvcrt10.dll
[2011/11/28 01:46:46 | 000,000,132 | ---- | C] () -- C:\Users\IllTellYouLater\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/10/24 02:50:20 | 000,001,456 | ---- | C] () -- C:\Users\IllTellYouLater\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/10/13 02:35:22 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/10/13 02:35:22 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/10/13 02:35:22 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/10/13 02:35:22 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/10/13 02:35:22 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/10/13 02:35:22 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/10/13 02:35:22 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/10/13 02:35:22 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/10/13 02:35:22 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/10/13 02:35:22 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/10/13 02:35:22 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/10/13 02:35:22 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/10/13 02:35:22 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/10/13 02:35:22 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/10/13 02:35:22 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/10/13 02:35:22 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/09/19 00:13:10 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011/09/19 00:13:10 | 000,003,546 | ---- | C] () -- C:\Windows\unins000.dat
[2011/09/15 01:59:19 | 000,000,017 | ---- | C] () -- C:\Users\IllTellYouLater\AppData\Local\resmon.resmoncfg
[2011/09/12 13:47:09 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/09/12 13:44:55 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/05 11:47:06 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/07/04 22:04:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/04 22:02:06 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/07/04 21:57:23 | 000,776,982 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/04 21:47:26 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/05/14 01:28:02 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/03/04 00:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== LOP Check ==========

[2011/10/26 21:28:27 | 000,000,000 | ---D | M] -- C:\Users\IllTellYouLater\AppData\Roaming\Audacity
[2011/09/14 19:39:59 | 000,000,000 | ---D | M] -- C:\Users\IllTellYouLater\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/28 03:41:48 | 000,000,000 | ---D | M] -- C:\Users\IllTellYouLater\AppData\Roaming\cloudstorageexplorer.com
[2012/04/20 21:13:22 | 000,000,000 | ---D | M] -- C:\Users\IllTellYouLater\AppData\Roaming\Dropbox
[2011/10/25 18:20:23 | 000,000,000 | ---D | M] -- C:\Users\IllTellYouLater\AppData\Roaming\EPSON
[2012/04/20 22:58:03 | 000,000,000 | ---D | M] -- C:\Users\IllTellYouLater\AppData\Roaming\Free Download Manager
[2012/02/26 18:56:41 | 000,000,000 | ---D | M] -- C:\Users\IllTellYouLater\AppData\Roaming\FreeFileSync
[2011/09/25 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\IllTellYouLater\AppData\Roaming\ImgBurn
[2011/09/12 23:21:58 | 000,000,000 | ---D | M] -- C:\Users\IllTellYouLater\AppData\Roaming\Launchy
[2011/10/07 12:49:18 | 000,000,000 | ---D | M] -- C:\Users\IllTellYouLater\AppData\Roaming\LibreOffice
[2012/01/11 12:47:52 | 000,000,000 | ---D | M] -- C:\Users\IllTellYouLater\AppData\Roaming\NexusFont
[2011/11/30 18:41:59 | 000,000,000 | ---D | M] -- C:\Users\IllTellYouLater\AppData\Roaming\Notepad++
[2011/09/12 19:06:09 | 000,000,000 | ---D | M] -- C:\Users\IllTellYouLater\AppData\Roaming\OpenOffice.org
[2012/03/22 22:58:22 | 000,000,000 | ---D | M] -- C:\Users\IllTellYouLater\AppData\Roaming\Process Hacker 2
[2012/02/26 21:23:12 | 000,000,000 | ---D | M] -- C:\Users\IllTellYouLater\AppData\Roaming\Publish Providers
[2012/02/26 22:08:10 | 000,000,000 | ---D | M] -- C:\Users\IllTellYouLater\AppData\Roaming\qBittorrent
[2012/02/06 00:19:16 | 000,000,000 | ---D | M] -- C:\Users\IllTellYouLater\AppData\Roaming\REAPER
[2012/03/08 23:19:07 | 000,000,000 | ---D | M] -- C:\Users\IllTellYouLater\AppData\Roaming\Sony
[2011/12/11 00:35:42 | 000,000,000 | ---D | M] -- C:\Users\IllTellYouLater\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/09/12 12:37:04 | 000,000,000 | ---D | M] -- C:\Users\IllTellYouLater\AppData\Roaming\Synaptics
[2011/09/25 15:04:30 | 000,000,000 | ---D | M] -- C:\Users\IllTellYouLater\AppData\Roaming\TeamViewer
[2011/09/13 00:47:00 | 000,000,000 | ---D | M] -- C:\Users\IllTellYouLater\AppData\Roaming\_MDLogs
[2012/03/24 07:51:45 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
File not found(C:\Users\IllTellYouLater\Desktop\?????? ????? 02.doc) -- C:\Users\IllTellYouLater\Desktop\כרטיסי ביקור 02.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:C3306E71

< End of report >

#2 Essexboy

  • Group: GeekU Moderator
  • Posts: 56,087
  • Joined: 31-May 06

Posted 21 April 2012 - 05:33 AM

Hi there, there are two entries within your host file which point to Singapore - did you put them there ?

If not then :

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Quote

    :OTL
    O1 - Hosts: 127.0.0.1 125.252.224.90
    O1 - Hosts: 127.0.0.1 125.252.224.91
    O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.

    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#3 adifrank

  • Group: Member
  • Posts: 148
  • Joined: 04-May 08

Posted 21 April 2012 - 07:01 AM

hi essexboy,
thanks for your email.
i will follow your instructions, but first, i have a question regarding the disabling of MBAM. i have MBAM v. 1.61 installed, but it is the free version, so the Protection Module is not functional. i believe it doesn't have an active antivirus running, unless i tell it to scan the computer. is there any action i should take in this case?
also, i am running Microsoft Security Essentials. any need for action regarding this software before i go ahead with your instructions?

thanks

#4 Essexboy

  • Group: GeekU Moderator
  • Posts: 56,087
  • Joined: 31-May 06

Posted 21 April 2012 - 07:09 AM

Nope if it is the free version then run the fix

#5 Essexboy

  • Group: GeekU Moderator
  • Posts: 56,087
  • Joined: 31-May 06

Posted 25 April 2012 - 02:50 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this topic:


Page 1 of 1