
Suspected Malware fraudload: Can`t get rid of it


This topic is locked

#1 Stephengoawaymalware (New Member, 5 posts)
Good afternoon,

I have some sort of malware on my system which I just can't shake.
As you will see, I never use IE and solely use Firefox.
The problem that I'm facing is that IE will open up automatically with different sites loaded.
I CCleaned and Spybotted in both safe and non-safe mode, and checked my startup, but to no avail.
There were a few cookies and trackers highlighted, but one of my many concerns is that during the Spybot scan it detected trojan.win32.fruad.load, which I have read is not good; when I ran Spybot in safe mode later on it was still present, which I deleted again, but I have not checked yet if it's still there.

Any help will be greatly appreciated.

Please find below my OTL log.

Stephen
OTL logfile created on: 24/03/2011 15:05:18 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Admin\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.45 Gb Total Space | 13.35 Gb Free Space | 18.68% Space Free | Partition Type: NTFS

Computer Name: SB | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/24 15:04:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\My Documents\Downloads\OTL.exe
PRC - [2011/03/24 10:14:43 | 003,318,784 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2011/03/24 10:14:35 | 000,496,128 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2011/03/23 09:54:58 | 000,137,728 | ---- | M] () -- C:\WINDOWS\Uryque.exe
PRC - [2011/03/08 15:34:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/08 12:18:30 | 001,834,280 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
PRC - [2010/11/25 05:01:12 | 002,515,408 | ---- | M] (Crawler.com) -- C:\Program Files\Crawler\Toolbar\CToolbar.exe
PRC - [2010/11/24 02:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
PRC - [2010/10/22 04:10:15 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/10/05 06:00:46 | 003,276,800 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\SolidWorks Corp\SolidWorks Workgroup PDM (2)\Vault\pdmwService.exe
PRC - [2010/10/03 22:43:16 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/10/03 22:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2009/07/29 12:34:48 | 007,320,872 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
PRC - [2009/05/21 10:34:40 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/08 03:00:36 | 000,074,928 | ---- | M] (Sapro Systems) -- C:\Program Files\Sapro Systems WinCalendar\WinCalendar_SysTray.exe
PRC - [2008/12/03 11:03:40 | 001,591,808 | R--- | M] (YourWare Solutions ™) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/08 05:16:20 | 003,612,032 | ---- | M] (Virtuoza Software) -- C:\Program Files\FusionDesk\FusionDesk.exe
PRC - [2006/07/25 17:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/11/16 10:00:00 | 000,122,880 | ---- | M] (WinZip Computing LP) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2005/11/11 18:30:22 | 000,995,328 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2004/09/08 03:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9LE.EXE
PRC - [2002/09/07 18:23:46 | 000,028,672 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\WService.exe
PRC - [2002/09/07 18:23:28 | 000,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\WTSrv.exe
PRC - [2002/07/22 16:13:14 | 000,159,744 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
PRC - [2002/06/07 21:29:59 | 000,061,490 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
PRC - [1999/10/22 11:00:32 | 000,043,520 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe


========== Modules (SafeList) ==========

MOD - [2011/03/24 15:04:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\My Documents\Downloads\OTL.exe
MOD - [2010/12/04 06:58:45 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\asoehook.dll
MOD - [2010/10/03 22:43:42 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/11 23:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/11 23:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/24 10:14:35 | 000,496,128 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2011/02/22 11:25:42 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/08 08:17:46 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2010/11/24 02:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2010/10/05 06:00:46 | 003,276,800 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [Auto | Running] -- C:\Program Files\SolidWorks Corp\SolidWorks Workgroup PDM (2)\Vault\pdmwService.exe -- (PDMWorks Workgroup Server)
SRV - [2010/10/03 22:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2009/05/29 08:38:32 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2006/07/25 17:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 17:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/09/23 06:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2002/09/07 18:23:28 | 000,040,960 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\WINDOWS\system32\drivers\WTSrv.exe -- (WinTabService)
SRV - [2002/07/22 16:13:14 | 000,159,744 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - [2011/02/28 14:53:28 | 000,055,224 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys -- (RapportCerberus_23945)
DRV - [2011/02/25 21:59:12 | 000,800,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/12/20 09:09:12 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110323.035\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/20 09:09:11 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110323.035\NAVENG.SYS -- (NAVENG)
DRV - [2010/12/01 05:24:00 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/11/23 04:08:31 | 000,509,560 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/23 04:08:31 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/18 02:59:55 | 000,652,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/16 01:45:33 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010/11/09 12:00:06 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/11/09 12:00:06 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/11/09 00:50:31 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110317.005\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/11/08 15:02:04 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/10/21 02:28:36 | 000,340,016 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMDS.SYS -- (SymDS)
DRV - [2010/10/03 22:43:44 | 000,169,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/10/03 22:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/10 10:31:10 | 000,177,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cam1690.sys -- (CAM1690)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/02/08 11:55:24 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/08/30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/07/16 17:48:40 | 000,098,176 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NBF.SYS -- (Nbf)
DRV - [2002/10/16 18:18:10 | 000,010,930 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2002/09/07 18:25:10 | 000,023,106 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2000/06/13 13:32:02 | 000,015,370 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Tablet2k.sys -- (Tablet2k)
DRV - [2000/02/08 07:55:12 | 000,010,379 | R--- | M] (OLYMPUS Optical Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\olcamudp.sys -- (OlCamudp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {7B498088-C5BD-4FA8-BD19-89D273C8CE3A}:1.9.1
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..keyword.URL: "http://www.crawler.c...bid=60342&qkw="


FF - HKLM\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/12/07 08:48:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/01/11 08:41:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/01/07 09:02:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{7B498088-C5BD-4FA8-BD19-89D273C8CE3A}: C:\Documents and Settings\Admin\Local Settings\Application Data\{7B498088-C5BD-4FA8-BD19-89D273C8CE3A}\ [2011/03/23 10:00:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2011/03/24 10:23:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/08 15:34:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/08 15:34:07 | 000,000,000 | ---D | M]

[2008/09/01 07:44:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2011/03/24 14:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\986ehb6g.default\extensions
[2009/09/03 12:54:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\986ehb6g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/18 08:48:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\986ehb6g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/29 08:20:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\986ehb6g.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/29 08:20:14 | 000,000,000 | ---D | M] (Surf Canyon - Search Engine Assistant) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\986ehb6g.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2009/07/29 08:20:17 | 000,000,000 | ---D | M] ("AutoPager") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\986ehb6g.default\extensions\[email protected]
[2009/12/17 16:18:22 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\986ehb6g.default\searchplugins\bing.xml
[2010/11/12 12:09:22 | 000,002,472 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\986ehb6g.default\searchplugins\safesearch.xml
[2009/07/29 08:20:59 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\986ehb6g.default\searchplugins\surf-canyon.xml
[2011/03/24 14:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/23 10:00:17 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\APPLICATION DATA\{7B498088-C5BD-4FA8-BD19-89D273C8CE3A}
[2011/01/07 09:02:49 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
[2011/01/11 08:41:14 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2011/03/24 10:23:04 | 000,000,000 | ---D | M] (Crawler Toolbar) -- C:\PROGRAM FILES\CRAWLER\TOOLBAR\FIREFOX
[2008/10/30 15:38:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/06 09:46:10 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
[2007/12/19 12:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2010/03/15 09:08:04 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/15 09:08:04 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2010/03/15 09:08:04 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/15 09:08:04 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2008/11/27 15:35:00 | 000,257,725 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8958 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [\PBB\EPSON Stylus Photo R1800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Conisio Login Manager] C:\Program Files\SolidWorks Enterprise PDM\EdmServer.exe (Dassault Systemes SolidWorks Corp.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
O4 - HKLM..\Run: [WinCalendar] C:\Program Files\Sapro Systems WinCalendar\WinCalendar_SysTray.exe (Sapro Systems)
O4 - HKLM..\Run: [WService] C:\WINDOWS\System32\WService.exe (Tablet Driver)
O4 - HKCU..\Run: [A9YA3MI1CF] C:\Documents and Settings\Admin\Local Settings\Temp\Uzz.exe ()
O4 - HKCU..\Run: [Agula] File not found
O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O4 - HKCU..\Run: [FusionDesk] C:\Program Files\FusionDesk\FusionDesk.exe (Virtuoza Software)
O4 - HKCU..\Run: [NortonUpdateAgent] C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe (Symantec Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WinCalendar] C:\Program Files\Sapro Systems WinCalendar\WinCalendar_SysTray.exe (Sapro Systems)
O4 - HKCU..\Run: [Z7HRPUZG3M] C:\WINDOWS\Uryque.exe ()
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Microsoft Outlook.lnk = C:\WINDOWS\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\outicon.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk = C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopet...v/GoPetsWeb.cab (GoPetsWeb Control)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\rqRKEUnl: DllName - rqRKEUnl.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/17 10:46:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/09/29 09:41:41 | 000,000,000 | ---D | M] - C:\AutoFEA -- [ NTFS ]
O33 - MountPoints2\{76130ac3-7760-11de-842d-001320e5746c}\Shell\AutoRun\command - "" = H:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/24 14:54:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\IECompatCache
[2011/03/24 14:54:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2011/03/24 10:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Crawler Toolbar
[2011/03/24 10:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
[2011/03/24 10:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2011/03/24 10:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Spyware Terminator
[2011/03/24 10:13:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Terminator
[2011/03/24 10:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2011/03/23 12:42:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/03/23 10:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\{7B498088-C5BD-4FA8-BD19-89D273C8CE3A}
[2011/03/09 16:00:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2007/04/16 10:13:26 | 020,409,656 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\FSS_PH60.exe
[2006/09/07 13:25:31 | 013,736,064 | ---- | C] (Macrovision Corporation) -- C:\Program Files\GoogleEarthWin.exe
[2006/01/09 16:36:03 | 013,951,112 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MPSetup.exe
[2001/09/06 14:53:04 | 004,109,813 | ---- | C] (Installshield Software Corporation ) -- C:\Program Files\TDTwebgraphSetup_de.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/24 15:14:02 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/03/24 14:17:10 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2602796758-2615080031-1496425540-1006UA.job
[2011/03/24 14:16:42 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/03/24 14:16:13 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/24 14:13:12 | 000,002,509 | ---- | M] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Microsoft Outlook.lnk
[2011/03/24 14:12:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/24 14:11:33 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/03/24 14:11:17 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/24 14:11:17 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\tasks\NVPR.job
[2011/03/24 14:11:08 | 000,000,198 | ---- | M] () -- C:\PSLOG
[2011/03/24 14:10:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/24 10:27:41 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
[2011/03/24 10:14:33 | 000,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011/03/23 17:32:03 | 000,014,344 | ---- | M] () -- C:\{92805A28-8AA3-487D-AE1A-9E7C14F76522}
[2011/03/23 16:17:51 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2602796758-2615080031-1496425540-1006Core.job
[2011/03/23 15:12:46 | 000,000,981 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/23 10:01:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ufiwo.bin
[2011/03/23 10:01:06 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Obuwunikazubija.dat
[2011/03/23 09:56:14 | 000,137,728 | ---- | M] () -- C:\WINDOWS\Uryquc.exe
[2011/03/23 09:56:00 | 000,108,544 | RHS- | M] () -- C:\WINDOWS\System32\hnetmonh.dll
[2011/03/23 09:54:58 | 000,137,728 | ---- | M] () -- C:\WINDOWS\Uryque.exe
[2011/03/23 09:54:58 | 000,137,728 | ---- | M] () -- C:\WINDOWS\Uryqud.exe
[2011/03/23 09:54:58 | 000,137,728 | ---- | M] () -- C:\WINDOWS\Uryqub.exe
[2011/03/23 09:54:58 | 000,137,728 | ---- | M] () -- C:\WINDOWS\Uryqua.exe
[2011/03/22 12:47:17 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/03/18 15:27:31 | 000,000,558 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Admin.job
[2011/03/18 09:18:51 | 000,002,292 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/18 09:18:50 | 000,002,314 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Google Chrome.lnk
[2011/03/11 10:37:01 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel.lnk
[2011/03/09 13:34:39 | 000,217,088 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\driveshaftbd100.SLDPRT
[2011/03/09 13:34:38 | 000,680,960 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\rotordb100.SLDPRT
[2011/03/09 13:17:09 | 000,407,040 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\dc25 stator tie bar 001.SLDDRW
[2011/03/09 13:14:59 | 000,201,216 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\dc25 stator tie bar 001.SLDPRT
[2011/03/09 13:14:56 | 000,263,168 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\dc25 drive shaft 001.SLDPRT
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/24 14:13:17 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/03/24 14:12:49 | 000,000,246 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/03/24 10:27:41 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
[2011/03/24 10:14:33 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011/03/23 17:32:03 | 000,014,344 | ---- | C] () -- C:\{92805A28-8AA3-487D-AE1A-9E7C14F76522}
[2011/03/23 15:12:45 | 000,000,981 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/23 10:48:02 | 000,137,728 | ---- | C] () -- C:\WINDOWS\Uryque.exe
[2011/03/23 10:01:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ufiwo.bin
[2011/03/23 10:01:05 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Obuwunikazubija.dat
[2011/03/23 10:00:40 | 000,137,728 | ---- | C] () -- C:\WINDOWS\Uryqud.exe
[2011/03/23 09:58:45 | 000,137,728 | ---- | C] () -- C:\WINDOWS\Uryquc.exe
[2011/03/23 09:58:26 | 000,137,728 | ---- | C] () -- C:\WINDOWS\Uryqub.exe
[2011/03/23 09:56:15 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\NVPR.job
[2011/03/23 09:56:00 | 000,108,544 | RHS- | C] () -- C:\WINDOWS\System32\hnetmonh.dll
[2011/03/23 09:55:37 | 000,137,728 | ---- | C] () -- C:\WINDOWS\Uryqua.exe
[2011/03/17 08:44:36 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/03/03 12:02:55 | 000,407,040 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\dc25 stator tie bar 001.SLDDRW
[2011/03/01 15:46:53 | 000,201,216 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\dc25 stator tie bar 001.SLDPRT
[2011/03/01 10:12:20 | 000,263,168 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\dc25 drive shaft 001.SLDPRT
[2010/10/21 08:02:33 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/21 07:57:08 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/08/03 10:26:11 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2010/06/24 16:29:08 | 000,214,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/24 14:45:12 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\CHookExt.dll
[2009/09/11 14:52:10 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\Ltwnd62n.dll
[2009/09/11 14:52:10 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\Lttwn62n.dll
[2009/09/11 14:52:10 | 000,003,200 | ---- | C] () -- C:\WINDOWS\System32\Ltthk62w.dll
[2009/09/11 14:52:09 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\Ltann62n.dll
[2009/09/11 14:52:09 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\Lffax62n.dll
[2009/09/11 14:52:09 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\Lfcmp62n.dll
[2009/09/11 14:52:09 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\Lfpng62n.dll
[2009/09/11 14:52:09 | 000,078,336 | ---- | C] () -- C:\WINDOWS\System32\Ltimg62n.dll
[2009/09/11 14:52:09 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\Lftif62n.dll
[2009/09/11 14:52:09 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\Ltfil62n.dll
[2009/09/11 14:52:09 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\Lflma62n.dll
[2009/09/11 14:52:09 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\Lfica62n.dll
[2009/09/11 14:52:09 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\Lfpcx62n.dll
[2009/09/11 14:52:09 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\Lflmb62n.dll
[2009/09/11 14:52:09 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\Lfeps62n.dll
[2009/09/11 14:52:09 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\Lfpct62n.dll
[2009/09/11 14:52:09 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\Lfgif62n.dll
[2009/09/11 14:52:09 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\Lfbmp62n.dll
[2009/09/11 14:52:09 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\Lfpsd62n.dll
[2009/09/11 14:52:09 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Lfwmf62n.dll
[2009/09/11 14:52:09 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Lftga62n.dll
[2009/09/11 14:52:09 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\Lfwpg62n.dll
[2009/09/11 14:52:09 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\Lfimg62n.dll
[2009/09/11 14:52:09 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\Lfras62n.dll
[2009/09/11 14:52:09 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\Lfmsp62n.dll
[2009/09/11 14:52:09 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Lfmac62n.dll
[2009/09/11 14:52:09 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Lfcal62n.dll
[2009/09/11 14:52:09 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\Lfwfx62n.dll
[2009/09/11 14:52:09 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\Lfpcd62n.dll
[2009/07/13 13:28:29 | 000,080,083 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/07/13 13:28:29 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/07/13 13:28:29 | 000,023,415 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/07/13 13:28:29 | 000,021,374 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/07/13 13:28:29 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/07/13 13:28:29 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/07/13 13:28:29 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/07/13 13:28:29 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/07/13 13:28:29 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/07/13 13:28:29 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/07/13 13:28:29 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/07/13 13:28:29 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/07/13 13:28:29 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/07/13 13:28:29 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/07/13 13:28:29 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/07/13 13:28:29 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/07/13 13:28:29 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/05/29 09:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2009/03/19 08:48:32 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2009/03/19 08:48:32 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2009/02/13 16:25:22 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\hpsfs.dll
[2009/01/08 09:15:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ucinst32.dll
[2009/01/08 09:15:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\lhtool.exe
[2008/11/03 14:08:33 | 000,000,228 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/11/03 14:08:33 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/11/03 14:08:33 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD8860DN.DAT
[2008/11/03 14:07:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2008/11/03 14:07:52 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2008/11/03 14:05:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2008/11/03 14:05:33 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008/11/03 14:01:47 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/10/30 12:04:55 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/10/27 08:52:58 | 000,001,587 | -H-- | C] () -- C:\WINDOWS\f49f4d98.dat
[2008/10/27 08:50:35 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\f49f4daa.dat
[2008/10/27 08:50:26 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\bemark2.dat
[2008/10/24 10:46:29 | 000,039,095 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2008/10/24 10:46:26 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2008/10/06 12:47:47 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\$_hpcst$.hpc
[2008/08/12 14:18:44 | 000,000,819 | ---- | C] () -- C:\WINDOWS\cookies.ini
[2008/08/12 13:33:58 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/08/11 11:14:17 | 000,641,883 | -HS- | C] () -- C:\WINDOWS\System32\sYJmTvut.ini
[2008/07/04 13:05:34 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/04/30 10:29:51 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/10 10:31:10 | 000,177,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\cam1690.sys
[2008/04/09 17:00:30 | 000,053,478 | ---- | C] () -- C:\WINDOWS\mvtcpui.ini
[2008/03/03 11:35:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/03/03 11:32:27 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/11/07 06:00:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/11/07 06:00:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/11/07 06:00:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/11/07 06:00:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/11/07 06:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/11/07 06:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/11/07 06:00:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/11/07 06:00:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/11/07 06:00:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/10/08 09:12:14 | 000,130,965 | ---- | C] () -- C:\WINDOWS\cam1690.ini
[2007/10/08 09:12:02 | 000,065,527 | ---- | C] () -- C:\WINDOWS\cam1690b.ini
[2007/09/19 21:41:16 | 000,065,217 | ---- | C] () -- C:\WINDOWS\cam1690a.ini
[2007/09/19 20:11:52 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\cam1690.dll
[2007/08/29 14:40:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\cam1690m.dll
[2007/08/21 19:46:34 | 000,059,160 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2007/03/23 15:34:42 | 001,597,440 | ---- | C] () -- C:\WINDOWS\stic1690.exe
[2007/02/28 12:03:27 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER1800.ini
[2007/02/05 13:24:28 | 000,018,271 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2007/02/05 13:24:26 | 000,099,999 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/01/03 10:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 10:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 10:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/01/02 17:29:50 | 000,000,180 | ---- | C] () -- C:\WINDOWS\MaterialsDlg.ini
[2007/01/02 17:29:50 | 000,000,180 | ---- | C] () -- C:\WINDOWS\LuminancesDlg.ini
[2007/01/02 17:29:50 | 000,000,180 | ---- | C] () -- C:\WINDOWS\EnvironmentsDlg.ini
[2006/08/24 14:52:04 | 000,000,658 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/06/13 14:50:15 | 000,002,150 | ---- | C] () -- C:\WINDOWS\FESTO.INI
[2006/03/23 13:15:29 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/25 13:26:03 | 000,000,479 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006/01/25 13:26:03 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BO5150D.INI
[2006/01/25 13:26:03 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/01/25 13:26:02 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006/01/17 10:31:33 | 000,373,760 | ---- | C] () -- C:\WINDOWS\System32\XNMBA450.DLL
[2006/01/17 10:31:33 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\XNMHB450.DLL
[2006/01/17 10:31:33 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\XNMTE450.DLL
[2006/01/17 10:31:33 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\XNMHN450.DLL
[2006/01/10 08:14:19 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat
[2006/01/09 16:35:57 | 003,258,014 | ---- | C] () -- C:\Program Files\plotupdate.exe
[2006/01/09 15:46:19 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2006/01/09 15:33:49 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\8314810F15.sys
[2006/01/09 15:33:32 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/01/09 15:30:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2006/01/09 15:28:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2006/01/09 13:49:32 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/01/09 13:39:46 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/09 13:01:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\Bot.dll
[2006/01/09 13:01:07 | 000,000,101 | ---- | C] () -- C:\WINDOWS\Psxlpr.ini
[2006/01/09 11:44:13 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/01/09 11:06:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/01/05 12:09:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/05 12:03:48 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/01/05 12:03:47 | 000,003,137 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/01/05 12:02:51 | 000,000,215 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/05 11:59:38 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/01/05 11:42:58 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/01/05 11:42:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/01/05 11:42:40 | 000,000,402 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 17:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,365,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:27 | 000,118,784 | ---- | C] () -- C:\WINDOWS\_rr_sctct42n.dll
[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,463,854 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,079,146 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87F27901
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
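For readers who want to work through a listing like the one above by script rather than by eye, here is an added example; it is not part of OTL and not something the original poster or the helper supplied. It parses OTL's `[date | size | attributes | C/M] (company) -- path` entries and the `@Alternate Data Stream` lines, then applies a few rules of the kind a helper applies when reading such a log: executables changed within the report window that carry no company name and sit directly in C:\WINDOWS or System32, recently changed files with hidden+system attributes, several same-size executables in one folder (the way a dropper leaves copies of itself), and any alternate data stream. The sample input is a constructed subset of the lines above, and the report date used is 24 March 2011, the day of the newest entries in the listing; the 30-day window, the rule wording and the function names are this example's own choices. A hit is a reason to look closer (scan the file, check its version info, compare against a clean XP install), not a verdict about any particular file.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a dozen lines copied from the OTL report above, so the
# script runs offline. The triage rules below are this example's own, not OTL's.
SAMPLE_OTL = r"""
[2011/03/24 14:11:17 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\tasks\NVPR.job
[2011/03/24 14:10:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/23 10:01:06 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Obuwunikazubija.dat
[2011/03/23 09:56:14 | 000,137,728 | ---- | M] () -- C:\WINDOWS\Uryquc.exe
[2011/03/23 09:56:00 | 000,108,544 | RHS- | M] () -- C:\WINDOWS\System32\hnetmonh.dll
[2011/03/23 09:54:58 | 000,137,728 | ---- | M] () -- C:\WINDOWS\Uryque.exe
[2011/03/23 09:54:58 | 000,137,728 | ---- | M] () -- C:\WINDOWS\Uryqud.exe
[2011/03/23 09:54:58 | 000,137,728 | ---- | M] () -- C:\WINDOWS\Uryqub.exe
[2011/03/23 09:54:58 | 000,137,728 | ---- | M] () -- C:\WINDOWS\Uryqua.exe
[2007/04/16 10:13:26 | 020,409,656 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\FSS_PH60.exe
[2007/11/07 06:00:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87F27901
"""

# OTL file entry: [date time | size | attributes R H S D | C=created M=modified] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[RHSD-]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
WINDIR, SYSTEM32 = "c:\\windows", "c:\\windows\\system32"


def parse_otl(text):
    """Split an OTL file listing into file entries and alternate-data-stream entries."""
    entries, streams = [], []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({
                "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                "size": int(m["size"].replace(",", "")),
                "attr": m["attr"],
                "company": m["company"].strip(),
                "path": m["path"],
            })
            continue
        m = ADS_RE.match(line.strip())
        if m:
            streams.append({"size": int(m["size"]), "path": m["path"]})
    return entries, streams


def triage(entries, streams, report_date, window_days=30):
    """Return (path, reason) pairs for entries that match this example's heuristics."""
    findings = []
    cutoff = report_date - timedelta(days=window_days)
    clusters = defaultdict(list)  # (folder, size, extension) -> paths
    for e in entries:
        folder, _, name = e["path"].lower().rpartition("\\")
        if e["attr"][3] == "D":          # directories carry no payload of their own
            continue
        is_exec = name.endswith(EXEC_EXT)
        recent = e["when"] >= cutoff
        if recent and is_exec and not e["company"] and folder in (WINDIR, SYSTEM32):
            findings.append((e["path"], "recent executable with no company name directly in C:\\WINDOWS or System32"))
        if recent and "H" in e["attr"] and "S" in e["attr"]:
            findings.append((e["path"], "recent file with hidden+system attributes"))
        if is_exec:
            clusters[(folder, e["size"], name.rsplit(".", 1)[-1])].append(e["path"])
    # Several same-size executables in one folder: typical of a dropper writing copies of itself
    for (folder, size, ext), paths in clusters.items():
        if len(paths) >= 3:
            findings.append((", ".join(sorted(paths)), f"{len(paths)} .{ext} files of identical size {size} in {folder}"))
    for s in streams:
        findings.append((s["path"], f"alternate data stream of {s['size']} bytes"))
    return findings


def run_sample():
    """Triage the constructed sample against the report date (24 March 2011)."""
    entries, streams = parse_otl(SAMPLE_OTL)
    return triage(entries, streams, report_date=datetime(2011, 3, 24, 15, 5, 18))


if __name__ == "__main__":
    for path, reason in run_sample():
        print(f"{reason}: {path}")
```

Run it as a script to print the findings, or call run_sample() from a test. Two rules are deliberately narrow: "no company name" is OTL's version-resource field, not a signature check, so a legitimate old file without version info (nwiz.exe in the sample) is skipped only because it falls outside the window; and the hidden+system rule leaves bootstat.dat alone because it is system-only, which is why the sample keeps it as a negative case.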

#2
Blade81 (Member, 722 posts, MVP)

Hi,

Sorry for the delayed response. The forums have been really busy. If you still need help with this, do the following, please.


Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double-click the dds file to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


#3
Stephengoawaymalware (Topic Starter, New Member, 5 posts)

Good afternoon,

Thank you for the reply.

Please find attached the files requested.

Cheers

Ste



#4
Blade81 (Member, 722 posts, MVP)

Hi,

DNA

The above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things most likely to bring infection into the system. My recommendation is to uninstall these (and others, if present) P2P file sharing programs.


Download GMER here by clicking the download exe button and then saving it to your desktop:
  • Double-click the .exe that you downloaded
  • Click the rootkit tab, uncheck the Files option and then click Scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies the log to the clipboard.
  • Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.


#5
Stephengoawaymalware (Topic Starter, New Member, 5 posts)

Hi,
Thanks for the fast reply. The DNA P2P is no more.

Please find the GMER log below.

Cheers

Ste

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-04 15:58:08
Windows 5.1.2600 Service Pack 3
Running: hn75gto3.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\pxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT 8A6E8AF0 ZwAlertResumeThread
SSDT 8A6E8BB0 ZwAlertThread
SSDT 8A5F6F10 ZwAllocateVirtualMemory
SSDT 8A2C0650 ZwAssignProcessToJobObject
SSDT 8A26A758 ZwConnectPort
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xAA5AD996]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB2978720]
SSDT 8A1444D0 ZwCreateMutant
SSDT 8A50B5C0 ZwCreateSymbolicLinkObject
SSDT 89FD0D70 ZwCreateThread
SSDT 8A2C0710 ZwDebugActiveProcess
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys (RapportCerberus/Trusteer Ltd.) ZwDeleteFile [0xAB5509F8]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB29789A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB2978F00]
SSDT 89FE0EA0 ZwDuplicateObject
SSDT 8A5E9508 ZwFreeVirtualMemory
SSDT 8A709438 ZwImpersonateAnonymousToken
SSDT 8A56B230 ZwImpersonateThread
SSDT 8A261C88 ZwLoadDriver
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwLoadKey [0xAA5B1500]
SSDT 8A2C5198 ZwMapViewOfSection
SSDT 8A144410 ZwOpenEvent
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xAA5ADA5A]
SSDT 8A4C1CE8 ZwOpenProcess
SSDT 8A2B9850 ZwOpenProcessToken
SSDT 89FC1F90 ZwOpenSection
SSDT 8A508158 ZwOpenThread
SSDT 8A4FEC20 ZwProtectVirtualMemory
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xAA5B1476]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xAA5B13E0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xAA5B1412]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xAA5B1444]
SSDT 8A299CD8 ZwResumeThread
SSDT 8A5F6E90 ZwSetContextThread
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys (RapportCerberus/Trusteer Ltd.) ZwSetInformationFile [0xAB550A6C]
SSDT 89FBE380 ZwSetInformationProcess
SSDT 8A4A8368 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB2979150]
SSDT 89FD4F48 ZwSuspendProcess
SSDT 8A5E9488 ZwSuspendThread
SSDT 8A5F1A90 ZwTerminateProcess
SSDT 8A6DF7B8 ZwTerminateThread
SSDT 89FD0D38 ZwUnmapViewOfSection
SSDT 8A6DF838 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 234 804E28A0 8 Bytes CALL D0D874C1
.text ntoskrnl.exe!_abnormal_termination + 40C 804E2A78 1 Byte [68]
.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 6 Bytes [48, 4F, FD, 89, 88, 94]
.text ntoskrnl.exe!_abnormal_termination + 447 804E2AB3 1 Byte [8A]
PAGE ntoskrnl.exe!ZwCreateSemaphore + 449 8057BC56 7 Bytes JMP BA3BB0B0
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7638360, 0x32E00D, 0xE8000020]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB7534F80]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[472] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00F61B19 C:\WINDOWS\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[1028] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1028] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[1028] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1172] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00414C10 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1172] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1172] USER32.dll!GetGUIThreadInfo + FB 7E428023 6 Bytes JMP 716E001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1172] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71650022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1172] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71680022
.text C:\WINDOWS\System32\svchost.exe[1284] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D3000A
.text C:\WINDOWS\System32\svchost.exe[1284] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D4000A
.text C:\WINDOWS\System32\svchost.exe[1284] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D2000C
.text C:\WINDOWS\System32\svchost.exe[1284] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 01BC000A
.text C:\WINDOWS\System32\svchost.exe[1284] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00EE000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1836] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 04A0003A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1836] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 017B000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1836] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 017C000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1836] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 02917420 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1836] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 017A000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[1836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1836] GDI32.dll!BitBlt 77F16F79 6 Bytes PUSH 71540022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[1836] USER32.dll!DispatchMessageW 7E418A01 6 Bytes PUSH 714B0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[1836] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 713F0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[1836] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 71450022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[1836] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 716E0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[1836] USER32.dll!DdeInitializeW 7E4206D7 6 Bytes PUSH 714E0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[1836] USER32.dll!GetWindowRect 7E4290B4 6 Bytes PUSH 71420022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[1836] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 71480022; RET
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2636] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 004397C0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2636] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2636] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71680022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2636] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 716E0022

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-17 8A87027F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A87027F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A87027F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-f 8A87027F

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A773CD20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_SP0802N#P_______________________TK300-08#5&2a84b1a5&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----
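For anyone triaging a GMER log like the one posted above, here is an added Python helper (not GMER's code and not part of this thread) that parses the `.text` user-mode hook lines and separates hooks GMER tied to a file on disk from hooks into memory it could not attribute; the line layout is an assumption taken from this particular GMER 1.0.15 log.

```python
import re
from typing import NamedTuple, Optional

# Added triage helper, not GMER's own code; the line layout is inferred from the GMER 1.0.15 log in this thread.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[^!\s]+)!"
    r"(?P<function>\S+)\s+(?P<address>[0-9A-F]{8})\s+(?P<size>\d+)\s+Bytes\s+"
    r"(?P<patch>.+?)(?:\s+(?P<owner>[A-Za-z]:\\.+?)\s+\((?P<desc>[^)]*)\))?\s*$"
)
HEX8 = re.compile(r"\b[0-9A-F]{8}\b")

class Hook(NamedTuple):
    process: str
    pid: int
    symbol: str            # e.g. "USER32.dll!GetClipboardData"
    target: int            # address the patched prologue transfers control to
    owner: Optional[str]   # file GMER attributed that address to, if any

def parse_hook(line: str) -> Optional[Hook]:
    """Parse one '.text' user-mode hook line; return None for any other line."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    targets = HEX8.findall(m["patch"])   # "JMP 004397C0" / "PUSH 71480022; RET"
    if not targets:
        return None
    return Hook(m["process"], int(m["pid"]), f"{m['module']}!{m['function']}",
                int(targets[-1], 16), m["owner"])

def triage(log_lines):
    """Separate hooks GMER tied to a file on disk from hooks into memory it could not
    attribute; unattributed targets shared by several processes and packed into one
    compact address range often belong to a single injected component."""
    hooks = [h for h in map(parse_hook, log_lines) if h]
    unattributed = [h for h in hooks if h.owner is None]
    targets = [h.target for h in unattributed]
    return {
        "attributed": [h for h in hooks if h.owner is not None],
        "unattributed": unattributed,
        "processes": sorted({h.process for h in unattributed}),
        "span": (min(targets), max(targets)) if targets else None,
    }

# Constructed sample: three hook lines copied from the log above plus one device line the parser must skip.
SAMPLE = r"""
.text C:\Program Files\Mozilla Firefox\firefox.exe[1836] USER32.dll!GetWindowRect 7E4290B4 6 Bytes PUSH 71420022; RET
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2636] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 004397C0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2636] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71680022
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
""".strip().splitlines()
```

Calling `triage(SAMPLE)` returns the Rapport `ntdll.dll!KiUserApcDispatcher` hook as attributed and the two `JMP`/`PUSH` hooks into the 0x71xx0022 range as unattributed, which is the set a reviewer would then map against the loaded modules of those processes.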

#6 Blade81 (MVP)
Hi,

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu and select Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck Resident TeaTimer and OK any prompts.
  • Restart your computer



Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingc...to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (link). Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

#7 Stephengoawaymalware (Topic Starter)
Afternoon,

Sorry for the delayed reply.

Please find the attached logs below.

cheers

Stephen

Attached Files



#8 Blade81 (MVP)
Hi again,

Are you aware of these firewall port openings:
"9100:TCP"= 9100:TCP:Printer
"427:UDP"= 427:UDP:SLP
"161:TCP"= 161:TCP:SNMP


Open notepad and copy/paste the text in the quotebox below into it:

http://www.geekstogo.com/forum/index.php?showtopic=297731
Collect::
c:\windows\system32\hnetmonh.dll
File::
c:\windows\Ufiwo.bin


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.


Adobe Acrobat 4.0 is not supported anymore and should be uninstalled.


Uninstall old Adobe Reader versions and get the latest one (Adobe Reader X + 10.0.1 update for it) here, or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


Uninstall your current Adobe shockwave player and get the fresh one here if needed.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 24.
  • Click the Download button to the right.
  • Select Windows in the platform combobox and check the box that says Accept License Agreement. Click Continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is not checkmarked.
  • Click Scan
  • Wait for the scan to finish.


Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.

#9 Stephengoawaymalware (Topic Starter)
Good afternoon,

I have closed those ports and have updated as advised.
The ESET scan is still detecting malware, as you will see.

What next, boss?

cheers

Ste

Attached Files



#10 Blade81 (MVP)
Hi,

Open notepad and copy/paste the text in the quotebox below into it:

http://www.geekstogo.com/forum/topic/297731-suspected-malware-fraudload-cant-get-rid-of-it
Collect::
C:\WINDOWS\oguwavatebiwe.dll
C:\WINDOWS\_rr_sctct42n.dll
File::
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log. How's the system running?

#11 Blade81 (MVP)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.