FBI Greendot MoneyPak Virus - UGH! [Solved]



#1
popparex

New Member, 8 posts

So I get home from work today and head to the computer and it won't allow me to use my machine. Obviously, it's a faked FBI page; as best I can Google, it appears to be the Green Dot MoneyPak scam. While I do some programming, I don't do much with systems and registries and such, so I could use some help getting rid of this.

I do run Norton antivirus but obviously that's not enough. I have never had to clean this machine due to errors, so there likely are additional, less obvious issues, but my main goal is to get rid of the MoneyPak issue. Thank you greatly for any offer of help!

This is on an older XP SP3 laptop.

I have run the OTL Scan and the OTL.txt log follows:

OTL logfile created on: 1/30/2013 8:15:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 3.12 Gb Available Physical Memory | 89.41% Memory free
5.33 Gb Paging File | 5.20 Gb Available in Paging File | 97.58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.70 Gb Total Space | 180.01 Gb Free Space | 77.36% Space Free | Partition Type: NTFS
Drive D: | 494.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 15.11 Gb Total Space | 15.10 Gb Free Space | 99.94% Space Free | Partition Type: FAT32

Computer Name: POPPALAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/30 20:13:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2009/08/11 13:41:02 | 002,440,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/08/11 13:41:02 | 001,803,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/08/11 13:41:02 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/08/11 13:41:02 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2012/12/08 07:18:25 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/01 05:09:30 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/03 10:33:48 | 000,077,312 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\apache-tomcat-7.0.29\bin\tomcat7.exe -- (Tomcat7)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/06/09 12:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2010/12/01 17:14:23 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/08/11 13:41:02 | 002,440,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/08/11 13:41:02 | 001,803,592 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/08/11 13:41:02 | 000,320,840 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/08/11 13:41:02 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/08/11 13:41:02 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/06/24 04:21:07 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Stopped] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009/04/22 10:05:34 | 001,703,936 | ---- | M] (Wave Systems Corp.) [Auto | Stopped] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/04/10 12:08:00 | 000,077,824 | ---- | M] (Smith Micro Software, Inc.) [Auto | Stopped] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2009/04/09 14:02:50 | 000,447,264 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/03/20 18:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/03/16 20:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- c:\drivers\audio\R213367\stacsv.exe -- (STacSV)
SRV - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/01/22 10:19:20 | 000,808,296 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2009/01/22 10:19:20 | 000,020,840 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2008/12/29 11:07:28 | 000,320,800 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2008/12/12 09:54:00 | 000,638,976 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/11/12 13:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/05/16 10:33:10 | 000,594,600 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\system32\lxdwcoms.exe -- (lxdw_device)
SRV - [2008/05/16 10:32:56 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe -- (lxdwCATSCustConnectService)
SRV - [2008/04/14 07:00:00 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/14 07:00:00 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC)
SRV - [2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/04/19 05:56:36 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2006/12/02 05:17:54 | 002,805,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\NvtSp50.sys -- (NvtSp50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/01/15 04:00:00 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130130.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/15 04:00:00 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130130.004\NAVENG.SYS -- (NAVENG)
DRV - [2012/11/08 16:27:14 | 000,174,056 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2012/08/10 03:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/10 03:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/03/10 18:20:08 | 000,251,440 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/08 20:24:26 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2009/08/18 21:54:42 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/11 13:41:04 | 000,319,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/11 13:41:04 | 000,280,112 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/08/11 13:41:04 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/11 13:41:04 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/08/11 13:41:02 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009/08/11 13:41:02 | 000,038,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\WGX.SYS -- (WGX)
DRV - [2009/08/11 13:41:00 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2009/08/11 13:41:00 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2009/08/11 13:40:58 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/11 13:40:58 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/06/24 04:12:37 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/04/22 14:15:58 | 000,208,824 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/04/10 12:01:16 | 000,027,072 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/04/02 23:25:50 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/03/30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/03/24 15:33:38 | 000,232,744 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2009/03/16 20:57:30 | 001,545,795 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/03/16 20:57:12 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/02/22 17:59:26 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress)
DRV - [2009/01/22 10:16:14 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2008/07/22 16:27:04 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2007/11/09 11:42:42 | 000,039,424 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fantom.sys -- (FANTOM)
DRV - [2001/05/14 17:15:40 | 000,010,368 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/08 07:18:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/08 07:18:27 | 000,000,000 | ---D | M]

[2012/12/08 07:18:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/01 21:57:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/12/08 07:18:26 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/12/08 07:18:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/12/08 07:18:22 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [capdpwpt] C:\Documents and Settings\Poppa\Local Settings\Application Data\eqaqdikqp\psyvocitssd.exe File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [lxdwamon] C:\Program Files\Lexmark 7600 Series\lxdwamon.exe ()
O4 - HKLM..\Run: [lxdwmon.exe] C:\Program Files\Lexmark 7600 Series\lxdwmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} http://www.worldwinn...am/skillgam.cab (SkillGam Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinn...ut/brickout.cab (Brickout Control)
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} http://www.worldwinn...0/pool/pool.cab (Pool Control)
O16 - DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} http://www.worldwinn...vialpursuit.cab (TrivialPursuit Control)
O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} http://www.worldwinn...ts/wwhearts.cab (WWHearts Control)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinn...ersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://www.worldwinn...x/blockwerx.cab (Blockwerx Control)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinn...dy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinn...ll/freecell.cab (FreeCell Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinn...eweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/...tz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinn...cubis/cubis.cab (Cubis Control)
O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} http://www.worldwinn...8/clue/clue.cab (Clue Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinn...man/hangman.cab (Hangman Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinn...ty/tilecity.cab (Tilecity Control)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinn...royal/royal.cab (Royal Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab (DinerDash Control)
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinn...i/mysterypi.cab (MysteryPI Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinn...paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinn...es/wwspades.cab (WWSpades Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C7EE186-2C77-4E9E-9C85-5C4CCB4674EB}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/07/12 18:43:19 | 000,001,373 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\cd2run.exe -- [2004/07/12 18:43:19 | 000,069,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/30 20:13:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Symantec
[2013/01/30 20:08:55 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/01/30 19:53:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2013/01/09 03:31:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/30 20:13:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/30 20:01:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1448765309-3722300831-2874936256-1008UA.job
[2013/01/30 19:58:32 | 000,052,659 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2013/01/30 19:58:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/30 19:58:03 | 000,052,659 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2013/01/30 19:57:44 | 000,190,150 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/01/30 19:57:03 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/30 19:57:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1448765309-3722300831-2874936256-1008.job
[2013/01/30 18:56:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/29 23:01:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1448765309-3722300831-2874936256-1008Core.job
[2013/01/29 21:00:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1448765309-3722300831-2874936256-1008.job
[2013/01/09 03:37:16 | 000,694,024 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/09 03:37:16 | 000,158,814 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/09 03:03:23 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/08 19:59:18 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/24 19:32:55 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/08/27 20:06:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/08/21 20:21:53 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EWF545.ini
[2012/06/29 17:32:16 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4B.DLL
[2012/02/15 08:02:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/03 16:56:05 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2011/02/14 08:11:30 | 000,538,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1448765309-3722300831-2874936256-1008-0.dat
[2011/01/25 22:44:36 | 000,273,350 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2009/06/24 04:22:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WavXMapDrive.bat

========== ZeroAccess Check ==========

[2008/04/25 16:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/22 00:21:02 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/06/24 04:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Broadcom
[2009/06/24 04:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp
[2009/06/24 03:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2009/06/24 04:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2011/09/11 12:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012/06/29 17:32:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/12/01 17:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2012/11/11 20:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/03/01 15:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2012/10/24 19:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/12/11 21:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 7600 Series
[2010/09/10 18:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments
[2009/06/24 04:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2010/10/15 12:44:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2011/09/11 12:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/04/20 13:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2011/08/02 07:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09

< End of report >
  • 0

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello popparex and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [capdpwpt] C:\Documents and Settings\Poppa\Local Settings\Application Data\eqaqdikqp\psyvocitssd.exe File not found

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptyjava]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Loaded modules

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Make sure to check:

    • Services and drivers
    • Boot sectors
    • Loaded modules
    • Verify Driver Digital Signature
    • Detect TDLFS file system

  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4


Please don't forget to include these items in your reply:

  • OTL fix log
  • TDSSKiller log
  • Malwarebytes log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#3
popparex

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OTL Fix log:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\capdpwpt deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
E:\cmd.bat deleted successfully.
E:\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: cheryl

User: Default User

User: LocalService

User: NetworkService

User: Poppa
->Java cache emptied: 76917028 bytes

Total Java Files Cleaned = 73.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02012013_163824
  • 0

#4
popparex

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.01.10

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: POPPALAPTOP [administrator]

Protection: Disabled

2/1/2013 5:05:57 PM
mbam-log-2013-02-01 (17-05-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257939
Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\AVSuitE (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\Poppa\Application Data\skype.dat (Trojan.Yakes) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poppa\Local Settings\Temp\-1541170898.exe (Trojan.Yakes) -> Quarantined and deleted successfully.

(end)
  • 0

#5
popparex

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
16:47:19.0453 2792 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:47:19.0812 2792 ============================================================
16:47:19.0812 2792 Current date / time: 2013/02/01 16:47:19.0812
16:47:19.0812 2792 SystemInfo:
16:47:19.0812 2792
16:47:19.0812 2792 OS Version: 5.1.2600 ServicePack: 3.0
16:47:19.0812 2792 Product type: Workstation
16:47:19.0812 2792 ComputerName: POPPALAPTOP
16:47:19.0812 2792 UserName: Administrator
16:47:19.0812 2792 Windows directory: C:\WINDOWS
16:47:19.0812 2792 System windows directory: C:\WINDOWS
16:47:19.0812 2792 Processor architecture: Intel x86
16:47:19.0812 2792 Number of processors: 2
16:47:19.0812 2792 Page size: 0x1000
16:47:19.0812 2792 Boot type: Safe boot with network
16:47:19.0812 2792 ============================================================
16:47:20.0296 2792 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:47:20.0296 2792 Drive \Device\Harddisk1\DR5 - Size: 0x3C7C00000 (15.12 Gb), SectorSize: 0x200, Cylinders: 0x7B5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:47:20.0296 2792 ============================================================
16:47:20.0296 2792 \Device\Harddisk0\DR0:
16:47:20.0296 2792 MBR partitions:
16:47:20.0296 2792 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x5E218, BlocksNum 0x1D166369
16:47:20.0296 2792 \Device\Harddisk1\DR5:
16:47:20.0296 2792 MBR partitions:
16:47:20.0312 2792 \Device\Harddisk1\DR5\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1E3DFC1
16:47:20.0312 2792 ============================================================
16:47:20.0343 2792 C: <-> \Device\Harddisk0\DR0\Partition1
16:47:20.0343 2792 ============================================================
16:47:20.0343 2792 Initialize success
16:47:20.0343 2792 ============================================================
16:47:59.0062 2788 Deinitialize success
  • 0

#6
popparex

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks Maliprog for the help so far. I already see improvements!
Awaiting your next commands! :-)
  • 0

#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Glad to hear that but we have work to do. This scan could take up to 5h to finish so please be patient.

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found.
Once it has finished, select the report tab (last tab).
Select Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.
  • 0

#8
popparex

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Scan is running now, but I'd like to offer some clarification.

1.) Once I downloaded the tool, it gave me a warning that the DB was out of date. Clicking on UPDATE took me to the same download page so something is odd with their application.
2.) After selecting the regions to scan, you must go back to the automatic scan tab and select START SCAN from there. The big yellow button at the top just shows the DB warning and does not run the scan.

I am running the scan with what it claims is the out of date DB. We'll see what happens.

Thanks again for your help so far!
  • 0

#9
popparex

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Virus Removal Tool output:

Status: Deleted (events: 191)
2/2/2013 9:34:00 AM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-5076.gen C:\Documents and Settings\Poppa\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\20\67ad1894-1857b337 High
2/2/2013 10:37:20 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\MapSearch.old High
2/2/2013 10:37:24 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Agawam Jr. High.htm High
2/2/2013 10:37:28 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Agawam Middle School.htm High
2/2/2013 10:37:31 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Ames Field.htm High
2/2/2013 10:37:35 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\AmherstEastST.htm High
2/2/2013 10:37:40 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Anna Dias Field.htm High
2/2/2013 10:37:44 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Anna Dias Fields.htm High
2/2/2013 10:37:48 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Arcanum_Field.htm High
2/2/2013 10:37:54 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\ArchnumField.htm High
2/2/2013 10:37:59 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Baird Middle School.htm High
2/2/2013 10:38:03 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Bay Path College.htm High
2/2/2013 10:38:08 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Belchertown - Cold Springs.htm High
2/2/2013 10:38:14 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Bellamy Middle School.htm High
2/2/2013 10:38:17 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Birchland Park Middle.htm High
2/2/2013 10:38:21 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Birchland Park School.htm High
2/2/2013 10:38:53 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Brooks Field.htm High
2/2/2013 10:38:57 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\BrooksField.htm High
2/2/2013 10:39:05 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Brown Ellison Fields.htm High
2/2/2013 10:39:23 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\ChaseField.htm High
2/2/2013 10:39:44 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Chicopee Fields.htm High
2/2/2013 10:40:11 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\ChicopeeRayAshe.htm High
2/2/2013 10:42:06 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Constantino Field.htm High
2/2/2013 10:42:21 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Cook Field.htm High
2/2/2013 10:42:42 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Crocker Farm Sch Amherst.htm High
2/2/2013 10:42:33 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\CrosierField.htm High
2/2/2013 10:42:50 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Dalton CRA.htm High
2/2/2013 10:43:07 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Deerfield Academy Field.htm High
2/2/2013 10:44:13 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Donahue.htm High
2/2/2013 10:44:24 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Duggan Middle School.htm High
2/2/2013 10:44:48 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\DYS Center.htm High
2/2/2013 10:44:33 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Eagle Brook School 93.htm High
2/2/2013 10:45:01 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\East Longmeadow.htm High
2/2/2013 10:45:13 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\East Street Annex Field.htm High
2/2/2013 10:46:21 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Easthampton.htm High
2/2/2013 10:46:27 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Elks Lodge Field.htm High
2/2/2013 10:46:33 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Emery Field.htm High
2/2/2013 10:46:43 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Fausey Field.htm High
2/2/2013 10:46:51 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Forest Park.htm High
2/2/2013 10:47:00 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Fort River Elementary.htm High
2/2/2013 10:47:05 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Garrity Grove Field.htm High
2/2/2013 10:47:15 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Granby.htm High
2/2/2013 10:47:23 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Green Meadow School.htm High
2/2/2013 10:48:35 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\GreenfieldCC.htm High
2/2/2013 10:48:46 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Grenville Park.htm High
2/2/2013 10:48:52 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Hadley fields.htm High
2/2/2013 10:48:59 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Hampden.htm High
2/2/2013 10:49:06 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Holyoke.htm High
2/2/2013 10:49:13 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\HolyokeElks.htm High
2/2/2013 10:49:21 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Hubbard Park.htm High
2/2/2013 10:49:27 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Jabbish Brook middle School.htm High
2/2/2013 10:49:34 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Jackson St School.htm High
2/2/2013 10:49:40 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\John Ashley School.htm High
2/2/2013 10:50:50 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\John F. Kennedy Middle School.htm High
2/2/2013 10:51:10 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\KileyMiddleSchool.htm High
2/2/2013 10:51:00 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Laviolette.htm High
2/2/2013 10:51:06 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\LavioletteFields.htm High
2/2/2013 10:51:17 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Litwin School Field.htm High
2/2/2013 10:51:25 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Litwin School.htm High
2/2/2013 10:51:33 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Longmeadow.htm High
2/2/2013 10:51:45 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Ludlow Polish Club.htm High
2/2/2013 10:51:52 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Ludlow1.htm High
2/2/2013 10:53:10 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Ludlow2.htm High
2/2/2013 10:53:32 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\LudlowBoys&GirlsClub.htm High
2/2/2013 10:53:19 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\LudlowHighSchool.htm High
2/2/2013 10:53:43 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Maple Shade Field.htm High
2/2/2013 10:53:57 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Marshall Roy Field.htm High
2/2/2013 10:54:11 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Mary Lynch School.htm High
2/2/2013 10:55:31 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\McMahonSm.htm High
2/2/2013 10:55:40 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Mitchell field holyoke.htm High
2/2/2013 10:55:48 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Monson.htm High
2/2/2013 10:55:57 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Moose Fields.htm High
2/2/2013 10:56:07 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Mt.Tom Box.htm High
2/2/2013 10:56:21 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\MtTomBox.htm High
2/2/2013 10:56:30 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Mulligan Fields.htm High
2/2/2013 10:56:43 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Nash Field.htm High
2/2/2013 10:58:02 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Nathon Bill Field.htm High
2/2/2013 10:58:24 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\New Tatham Fields.htm High
2/2/2013 10:58:13 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Nonotuck Park.htm High
2/2/2013 10:58:37 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\North Middle School.htm High
2/2/2013 10:58:49 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\North Road Fields.htm High
2/2/2013 10:58:59 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Orchard Field.htm High
2/2/2013 10:59:08 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Oxbow Fields.htm High
2/2/2013 11:00:18 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Palmer.htm High
2/2/2013 11:00:44 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Palmer2.htm High
2/2/2013 11:00:27 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\PartykaField.htm High
2/2/2013 11:00:37 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Plum Brook fields Amherst.htm High
2/2/2013 11:00:53 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Pop Fielding Field.htm High
2/2/2013 11:01:00 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Robinson Field.htm High
2/2/2013 11:01:07 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Schiavina Field.htm High
2/2/2013 11:01:17 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\SchoolStFields.htm High
2/2/2013 11:01:23 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Shaw Street Field.htm High
2/2/2013 11:02:35 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Shea Field.htm High
2/2/2013 11:02:55 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Smith Middle School So Hadley.htm High
2/2/2013 11:02:46 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Smith Voc Agricultural.htm High
2/2/2013 11:03:03 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\South Hadley Beach Grounds.htm High
2/2/2013 11:03:11 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\South Hadley High School.htm High
2/2/2013 11:03:20 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\South Hadley.htm High
2/2/2013 11:03:31 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Southwick.htm High
2/2/2013 11:03:42 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Springdale Park Holyoke.htm High
2/2/2013 11:04:51 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Springdale Park.htm High
2/2/2013 11:05:19 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\ST. Catherine.htm High
2/2/2013 11:05:00 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\St. John's Church.htm High
2/2/2013 11:05:09 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Stanley Park.htm High
2/2/2013 11:05:31 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Sunderland Field 44.htm High
2/2/2013 11:05:41 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Town Farm Fields.htm High
2/2/2013 11:05:49 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Tree Top Park Springfield.htm High
2/2/2013 11:06:02 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\UMass. Amherst.htm High
2/2/2013 11:07:23 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Van Horn Park.htm High
2/2/2013 11:07:52 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Walter Chase Memorial Field.htm High
2/2/2013 11:07:32 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Ware Fields.htm High
2/2/2013 11:07:44 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Water St Field.htm High
2/2/2013 11:08:02 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Inetpub\FTPRoot\Fields\maps\Water St. Field.htm High

#10
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi popparex,

Don't worry about updates. Your logs and system are clean now. I'm glad we fixed up your computer.

Step 1

Please close all running programs and run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Step 2

We need to clean up your PC from programs we used.

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end.

In case any of the software we used in this fix still remains on your system, please delete it manually (right-click on it and select Delete).

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Something to read

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

2. Make Backups of Important Files

Please read this article Home Computer Data Backup.

3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.

#11
popparex

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
All set and everything looks good! Thank you for all your help!

#12
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi popparex,

Glad we solved this. Goodbye and stay safe :thumbsup:

#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.