05-Feb-2012, 03:10 PM  #1
Incredibar Malware Removal please

Hi,

Yesterday I downloaded 2 versions of freeware Tetris (one just called "Tetris", and one called "The Tetris Game"; I don't know the sites and I've uninstalled them already). Piggybacking on one of them was the Incredibar malware, which I didn't notice till I started my computer up today and noticed that my open tabs in Firefox (I have, but never use, IE) were closed and my homepage had changed to the Incredibar search page. Also, the reason I downloaded the games was to transfer them to my laptop, which I don't have internet on (by choice), so I uninstalled the two games from there as well. I did notice that my C:/Programs didn't have the Incredibar folder like my desktop computer did, so I'm not sure if I'll have to perform this fix on it as well.

As far as my desktop computer goes, though -- I was searching to figure out how to remove it (since removing that aforementioned folder did nothing to stop it), and came across a post in your forums from someone else who had had this problem. So I followed your "Read this first" post and have the information it noted. However, I downloaded the GMER.exe software, but each time I scanned, it goes for a couple minutes, then restarts my computer before finishing. I tried twice, but have no log for it to include in this post -- is there a way to keep it from crashing my computer? I had no other programs running, no anti-virus/spyware software running, and I didn't click on the window while it was working. It crashed while it was scanning something in the Windows/System32 folder -- and I made sure to uncheck the IAT/EAT and any drive but C: before I started the scan.
As for the other info:

My basic system info:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz, x86 Family 15 Model 2 Stepping 9
Processor Count: 2
RAM: 511 Mb
Graphics Card: RADEON 9200 SERIES, 128 Mb
Hard Drives: C: Total - 114463 MB, Free - 54261 MB;
Motherboard: ASUSTeK Computer INC., P4P800S-X
Antivirus: ZoneAlarm Extreme Security Antivirus, Updated: No, On-Demand Scanner: Disabled

The Hijack Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:30:20 PM, on 2/5/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb115?a=6PQnspU477&i=26
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\WINDOWS\system32\LVCOMSX.EXE"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dvd43] "C:\Program Files\dvd43\dvd43_tray.exe"
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKLM\..\Policies\Explorer\Run: [KIhtsxiWes] C:\DOCUME~1\user\LOCALS~1\Temp\wJQs.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7266643-43CE-4739-A15D-26CEE19BD39D}: NameServer = 142.161.2.155 142.161.130.155
O21 - SSODL: HlpSrv - {08AA84D9-CBF4-F2DD-3E1A-01F02C470590} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9962c94c0bc1a) (gupdate1c9962c94c0bc1a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8555 bytes

The DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Run by user at 13:45:20 on 2012-02-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.217 [GMT -6:00]
.
AV: ZoneAlarm Extreme Security Antivirus *Disabled/Outdated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Extreme Security Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredibar.com/mb115?a=6PQnspU477&i=26
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\5.bin\MWSSRCAS.DLL
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\5.bin\MWSBAR.DLL
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\5.bin\mwsoemon.exe
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe" --force_start_minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LVCOMSX] "c:\windows\system32\LVCOMSX.EXE"
mRun: [LogitechVideoRepair] "c:\program files\logitech\video\ISStart.exe"
mRun: [LogitechVideoTray] "c:\program files\logitech\video\LogiTray.exe"
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\5.bin\mwsoemon.exe
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe"
mRun: [EzPrint] "c:\program files\lexmark 3400 series\ezprint.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [dvd43] "c:\program files\dvd43\dvd43_tray.exe"
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mExplorerRun: [KIhtsxiWes] c:\docume~1\user\locals~1\temp\wJQs.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\mywebs~1.lnk - c:\program files\mywebsearch\bar\5.bin\MWSOEMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mywebs~1.lnk - c:\program files\mywebsearch\bar\5.bin\MWSOEMON.EXE
IE: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: HlpSrv - {08AA84D9-CBF4-F2DD-3E1A-01F02C470590} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\ra8qohon.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb115/?loc=IB_DS&a=6PQnspU477&&i=26&search=
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\MozillaDownload.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\MozillaExtensions.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQnspU477&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 407cbfaf00000000000000112f9a1df5
FF - user.js: extensions.incredibar_i.hardId - 407cbfaf00000000000000112f9a1df5
FF - user.js: extensions.incredibar_i.instlDay - 15375
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2723:59:13
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQnspU477
FF - user.js: extensions.incredibar_i.upn2n - 92542321061842137
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10589
FF - user.js: extensions.incredibar_i.ppd -
.
============= SERVICES / DRIVERS ===============
.
R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-10-7 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-10-7 317072]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-10-7 528128]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-8-27 26352]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-8-27 493032]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S2 gupdate1c9962c94c0bc1a;Google Update Service (gupdate1c9962c94c0bc1a);c:\program files\google\update\GoogleUpdate.exe [2009-2-23 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-23 133104]
S3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2010-8-27 35568]
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
.
=============== Created Last 30 ================
.
2012-02-05 19:14:57 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-02-05 19:14:54 -------- d-----w- c:\documents and settings\user\application data\TestApp
2012-02-05 05:58:00 -------- d-----w- c:\program files\Tetris
2012-02-05 05:54:02 -------- d-----w- c:\program files\The Tetris Game
2012-02-04 22:39:37 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-02-04 22:39:37 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-02-04 22:39:37 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-02-04 22:39:36 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-22 07:07:21 -------- d-----w- c:\documents and settings\user\application data\Dekovir
2012-01-22 07:07:01 -------- d-----w- c:\program files\GameHouse
2012-01-22 06:50:01 -------- d-----w- c:\documents and settings\all users\application data\Big Fish Games
2012-01-22 06:49:48 -------- d-----w- c:\program files\bfgclient
2012-01-22 06:48:52 -------- d-----w- c:\documents and settings\all users\application data\BigFishGamesCache
.
==================== Find3M ====================
.
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-16 01:05:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-11 00:41:11 2396 ----a-w- c:\windows\system32\PerfStringBackup.TMP
.
============= FINISH: 13:47:12.17 ===============

And I've attached the attach.txt file. Let me know if I need anything else -- or if there's a way around that GMER.exe crashing. And thanks in advance.
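The entries a helper reads first in a HijackThis log like the one above are the redirected start page (R0), browser helper objects whose file is missing (O2), and autoruns launched from a temp directory or from the Policies\Explorer\Run key (O4). The script below is an added example by the editor, not code from the thread or from HijackThis, that applies those checks to a constructed sample built from the entries quoted in the post. The marker lists (hijacker names, Internet Explorer's stock start-page host, temp-path fragments) are the editor's assumptions and would be extended for a real environment.

```python
import re
from urllib.parse import urlparse

# Constructed sample, modelled on the HijackThis entries quoted in post #1.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb115?a=6PQnspU477&i=26
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Policies\Explorer\Run: [KIhtsxiWes] C:\DOCUME~1\user\LOCALS~1\Temp\wJQs.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000
"""

# Editor's assumptions: names seen in this thread's log; extend for your own environment.
ADWARE_MARKERS = ("incredibar", "mywebsearch")
# Host that Internet Explorer's stock start page pointed at on Windows XP.
DEFAULT_START_HOSTS = ("go.microsoft.com",)
# Path fragments of a user's temp directory (long and 8.3 short forms).
TEMP_PATH_MARKERS = ("\\temp\\", "\\locals~1\\")

# HijackThis entry: section tag (R0, O2, O4, ...) then " - " then the body.
ENTRY_RE = re.compile(r"^(R\d|O\d+)\s+-\s+(.*)$")


def classify(line):
    """Return the reasons a single HijackThis entry deserves a closer look."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    section, body = m.group(1), m.group(2)
    low = body.lower()
    reasons = []
    if any(mark in low for mark in ADWARE_MARKERS):
        reasons.append("known hijacker marker")
    # R-entries set IE's start/search URLs; a start page outside the stock host is a hijack sign.
    if section.startswith("R") and "start page" in low and "=" in body:
        url = body.split("=", 1)[1].strip()
        host = urlparse(url).hostname or ""
        if not host.endswith(DEFAULT_START_HOSTS):
            reasons.append("non-default start page")
    # O2 is a browser helper object; a registration whose DLL is gone is leftover from an uninstall.
    if section == "O2" and ("(file missing)" in low or "(no file)" in low):
        reasons.append("orphaned BHO registration")
    # O4 is an autorun; temp-directory binaries and the Policies\Explorer\Run key are dropper habits.
    if section == "O4":
        if any(mark in low for mark in TEMP_PATH_MARKERS):
            reasons.append("autorun from temp directory")
        if "policies\\explorer\\run" in low:
            reasons.append("autorun via Policies\\Explorer\\Run")
    return reasons


def triage(log_text):
    """Map every flagged entry to its reasons, preserving log order."""
    flagged = {}
    for line in log_text.splitlines():
        reasons = classify(line)
        if reasons:
            flagged[line.strip()] = reasons
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(f"{', '.join(reasons)}\n    {entry}")
```

Run against the sample, five of the eight entries are flagged; the HKLM start page and the Java and SunJavaUpdateSched lines pass. The checks are deliberately conservative string matches, so a clean result still needs a human read of the full log, as Kevin does in the thread.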
05-Feb-2012, 03:15 PM  #2
I was just scanning through the info from the support software, and the GMER crashed while it was scanning that system32, and the C:\Program Files\Microsoft IntelliType Pro\type32.exe was in the searching box too right before it crashed. Don't know if that helps, but thought I'd add that.
05-Feb-2012, 03:27 PM  #3
Download Link 1 Link 2 Link 3 Link 4

Copy and paste those two logs to next reply,

Kevin
05-Feb-2012, 04:17 PM  #4
OTL file info

here's the info OTL.Txt file:

OTL logfile created on: 2/5/2012 2:48:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.23 Mb Total Physical Memory | 281.91 Mb Available Physical Memory | 55.14% Memory free
1.21 Gb Paging File | 1.01 Gb Available in Paging File | 83.31% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 52.98 Gb Free Space | 47.40% Space Free | Partition Type: NTFS

Computer Name: USER-C0B1791970 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/05 14:47:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2010/08/27 03:34:02 | 000,493,032 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/29 10:57:20 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcycoms.exe
PRC - [2006/11/29 10:57:10 | 000,082,864 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 3400 Series\ezprint.exe
PRC - [2004/12/14 19:51:34 | 000,217,088 | ---- | M] (Labtec Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2004/12/14 19:34:18 | 000,192,512 | ---- | M] (Labtec Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2004/12/14 19:19:44 | 000,221,184 | ---- | M] (Labtec Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2002/09/20 18:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

========== Modules (No Company Name) ==========

MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2006/12/10 20:31:12 | 000,087,800 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2006/11/27 01:50:22 | 000,117,760 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxcypp5c.dll
MOD - [2006/11/22 08:05:12 | 000,012,288 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\fxctrstr.dll
MOD - [2006/11/22 07:51:26 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXPRMON.DLL
MOD - [2006/11/22 07:49:18 | 000,032,768 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
MOD - [2006/05/25 14:20:44 | 000,241,664 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\iptk.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/08/29 01:54:52 | 002,434,568 | ---- | M] (Check Point Software Technologies LTD) [On_Demand | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/08/27 03:34:02 | 000,493,032 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2006/11/29 10:57:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxcycoms.exe -- (lxcy_device)
SRV - [2002/09/20 18:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

========== Driver Services (SafeList) ==========

DRV - [2010/08/27 03:33:54 | 000,035,568 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV - [2010/08/27 03:33:54 | 000,026,352 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/06/09 18:16:12 | 000,528,128 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/10/12 17:15:30 | 000,317,072 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/12 17:15:26 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\kl1.sys -- (kl1)
DRV - [2004/11/30 21:12:28 | 000,873,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/10/11 11:22:02 | 000,211,712 | R--- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Labtec WebCam(PID_0928)
DRV - [2004/10/11 11:18:58 | 000,022,016 | R--- | M] (Labtec Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/08/03 19:08:36 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2004/08/03 19:08:30 | 000,105,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb115?a=6PQnspU477&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.152.14
FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb115/?loc=IB_DS&a=6PQnspU477&&i=26&search="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/02/13 16:22:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/04 16:39:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/17 02:01:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/01/28 03:38:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/01/28 03:38:40 | 000,000,000 | ---D | M]

[2010/07/19 10:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2010/07/19 10:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/02/05 12:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ra8qohon.default\extensions
[2011/06/26 17:25:29 | 000,002,385 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ra8qohon.default\searchplugins\askcom.xml
[2012/02/04 23:58:55 | 000,002,203 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ra8qohon.default\searchplugins\MyStart Search.xml
[2011/11/23 20:59:37 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ra8qohon.default\searchplugins\scroogle-ssl.xml
[2011/11/16 21:07:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RA8QOHON.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/04 16:39:35 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2006/09/21 14:25:40 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/03/19 19:07:49 | 000,002,236 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml
[2011/10/07 10:33:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/15 19:47:47 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2010/05/06 22:04:19 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL File not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Labtec Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Labtec Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE (Labtec Inc.)
O4 - HKLM..\Run: [LXCYCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcymon.exe] C:\Program Files\Lexmark 3400 Series\lxcymon.exe ()
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe File not found
O4 - HKCU..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized File not found
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk = File not found
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: KIhtsxiWes = C:\DOCUME~1\user\LOCALS~1\Temp\wJQs.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7266643-43CE-4739-A15D-26CEE19BD39D}: NameServer = 142.161.2.155 142.161.130.155
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21 - SSODL: HlpSrv - {08AA84D9-CBF4-F2DD-3E1A-01F02C470590} - No CLSID value found.
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (ows\s) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/17 16:24:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{133909bc-cc71-11db-9a41-00112f9a1df5}\Shell - "" = AutoRun
O33 - MountPoints2\{133909bc-cc71-11db-9a41-00112f9a1df5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{133909bc-cc71-11db-9a41-00112f9a1df5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/05 14:47:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2012/02/05 13:59:28 | 000,509,440 | ---- | C] (Tech Support Guy System) -- C:\Documents and Settings\user\Desktop\SysInfo.exe
[2012/02/05 13:28:53 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\user\Desktop\dds.scr
[2012/02/05 13:27:53 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\user\Desktop\HijackThis.exe
[2012/02/05 13:22:39 | 004,396,367 | ---- | C] (Swearware) -- C:\Documents and Settings\user\Desktop\ComboFix.exe
[2012/02/05 13:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/02/05 13:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\TestApp
[2012/02/05 00:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\to get printed
[2012/02/04 23:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\Tetris
[2012/02/04 23:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\The Tetris Game
[2012/02/04 23:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\caturday
[2012/01/22 01:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Dekovir
[2012/01/22 01:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\GameHouse
[2012/01/22 01:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GameHouse
[2012/01/22 01:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\GameHouse
[2012/01/22 00:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/22 00:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012/01/22 00:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2012/01/22 00:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2007/09/24 19:25:30 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyinpa.dll
[2007/09/24 19:25:30 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyiesc.dll
[2007/09/24 19:25:30 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhcp.dll
[2007/09/24 19:25:29 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyserv.dll
[2007/09/24 19:25:29 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyusb1.dll
[2007/09/24 19:25:29 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypmui.dll
[2007/09/24 19:25:29 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcylmpm.dll
[2007/09/24 19:25:29 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyprox.dll
[2007/09/24 19:25:29 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypplc.dll
[2007/09/24 19:25:28 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhbn3.dll
[2007/09/24 19:25:28 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycoms.exe
[2007/09/24 19:25:28 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyih.exe
[2007/09/24 19:25:27 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomc.dll
[2007/09/24 19:25:27 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomm.dll
[2007/09/24 19:25:27 | 000,381,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycfg.exe
[2004/11/24 12:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/05 14:47:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2012/02/05 14:30:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/05 13:59:29 | 000,509,440 | ---- | M] (Tech Support Guy System) -- C:\Documents and Settings\user\Desktop\SysInfo.exe
[2012/02/05 13:53:42 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/05 13:53:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/05 13:53:28 | 536,137,728 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/05 13:28:54 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\user\Desktop\dds.scr
[2012/02/05 13:27:54 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\user\Desktop\HijackThis.exe
[2012/02/05 13:22:43 | 004,396,367 | ---- | M] (Swearware) -- C:\Documents and Settings\user\Desktop\ComboFix.exe
[2012/02/05 13:03:32 | 000,000,144 | ---- | M] () -- C:\WINDOWS\System32\pdfl.dat
[2012/02/04 23:59:36 | 000,000,447 | ---- | M] () -- C:\user.js
[2012/02/04 16:26:15 | 000,012,694 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/29 23:28:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/22 13:18:45 | 000,242,176 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/22 01:07:03 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Super TextTwist.lnk
[2012/01/22 01:02:26 | 000,000,016 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/04 23:59:30 | 000,000,447 | ---- | C] () -- C:\user.js
[2012/02/04 23:58:01 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Tetris.lnk
[2012/01/22 01:07:03 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Super TextTwist.lnk
[2012/01/22 01:02:26 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2012/01/22 00:50:18 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
[2012/01/22 00:50:17 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
[2010/10/07 09:55:15 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2010/10/07 09:55:15 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2010/10/07 09:55:15 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2010/10/07 09:54:57 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/05/06 17:29:11 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2009/04/07 21:42:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dvm.INI
[2009/03/19 18:54:22 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2008/10/01 20:09:09 | 000,085,680 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2007/11/17 21:11:36 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/11/17 21:11:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/11/17 21:11:35 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/09/24 19:27:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcyvs.dll
[2007/09/24 19:27:45 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxcycoin.dll
[2007/09/24 19:27:26 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcydrs.dll
[2007/09/24 19:27:26 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcycaps.dll
[2007/09/24 19:27:25 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcycnv4.dll
[2007/09/24 19:27:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2007/09/24 19:27:04 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2007/09/24 19:25:30 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\lxcyinst.dll
[2007/08/14 18:17:20 | 000,000,551 | ---- | C] () -- C:\Documents and Settings\user\Application Data\AutoGK.ini
[2007/08/14 18:02:41 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2007/07/26 17:06:22 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/07/26 17:03:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/05/29 18:40:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2007/04/21 13:42:26 | 000,087,800 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/03/26 19:39:14 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2007/03/19 11:59:22 | 000,000,074 | ---- | C] () -- C:\WINDOWS\devqdat7417.dat
[2006/11/06 17:56:08 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/11/02 09:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2006/09/24 12:43:30 | 000,000,212 | ---- | C] () -- C:\WINDOWS\AcroChallenge.ini
[2006/01/28 15:03:41 | 000,041,984 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2006/01/05 22:25:01 | 000,001,786 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/06 16:57:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2005/11/06 16:57:38 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2005/10/02 12:33:42 | 000,000,021 | ---- | C] () -- C:\WINDOWS\System32\p.dat
[2005/10/02 12:33:40 | 000,133,892 | ---- | C] () -- C:\WINDOWS\System32\system.dat
[2005/09/10 19:45:40 | 000,000,206 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/06/21 23:56:30 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/06/17 02:02:16 | 000,242,176 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/17 01:47:21 | 000,006,812 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2005/06/17 01:42:35 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2005/05/27 22:45:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ae_mini.INI
[2005/05/27 22:42:16 | 000,000,144 | ---- | C] () -- C:\WINDOWS\smrpro.INI
[2005/05/14 21:38:01 | 000,015,346 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/05/14 18:31:19 | 000,000,023 | ---- | C] () -- C:\WINDOWS\FLASHKSK.INI
[2005/05/14 18:31:17 | 000,021,504 | ---- | C] () -- C:\WINDOWS\LXBRSET.EXE
[2005/05/14 18:31:17 | 000,004,608 | ---- | C] () -- C:\WINDOWS\DelShell.exe
[2005/05/14 18:23:03 | 000,000,700 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/05/14 04:10:15 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2005/05/08 01:05:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/08 00:59:14 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/05/08 00:58:58 | 000,006,373 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/05/07 23:51:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/23 18:37:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/23 18:36:45 | 000,050,055 | ---- | C] () -- C:\WINDOWS\oformat.com
[2004/12/23 18:36:45 | 000,027,357 | ---- | C] () -- C:\WINDOWS\cvtarea.exe
[2004/12/17 16:26:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/12/17 16:22:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/12/17 15:19:11 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2004/12/17 15:13:32 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/12/17 15:12:17 | 000,003,069 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2004/12/17 15:12:16 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/12/17 15:08:54 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2004/12/17 08:12:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/12/17 08:11:18 | 000,419,840 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/10/11 23:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/11 23:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/11 23:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/08 23:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/05 01:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 10:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/04 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,380,658 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,052,880 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/10/15 16:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2005/05/29 22:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3DWA_L
[2012/01/22 00:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2010/12/13 15:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Black's Powered by RocketLife
[2005/05/14 18:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/10/08 22:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bwtapsnk
[2010/10/07 11:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2008/10/08 22:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nsnkxwpu
[2006/09/24 09:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/01/22 01:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/12 22:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2009/03/17 18:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/06/12 19:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/18 02:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/15 01:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/04/11 18:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Axara
[2006/10/12 13:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BitTorrent
[2010/10/07 11:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\CheckPoint
[2012/01/22 01:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Dekovir
[2005/07/29 22:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Goodsol
[2011/12/18 19:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\gtk-2.0
[2005/05/18 22:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Leadertech
[2010/10/07 11:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\MailFrontier
[2012/02/05 13:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TestApp
[2010/07/19 10:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Thunderbird
[2012/02/05 03:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EVENTVWR.EXE >
[2004/08/04 06:00:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=F636FD7E97AB17B8FF9D3FF593833301 -- C:\WINDOWS\system32\dllcache\eventvwr.exe
[2004/08/04 06:00:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=F636FD7E97AB17B8FF9D3FF593833301 -- C:\WINDOWS\system32\eventvwr.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 05:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2008/04/29 09:42:08 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008/07/01 07:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
[2008/07/01 07:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/04 16:39:03 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/04 16:39:03 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/04 16:39:03 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/04 16:39:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/04 16:39:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/04 16:39:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 05:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 05:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 05:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2009/06/08 14:11:50 | 005,110,568 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2009/06/08 14:11:50 | 005,110,568 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2009/06/08 14:11:50 | 005,110,568 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2009/06/08 14:11:50 | 005,110,568 | ---- | M] (Apple Inc.)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/04 16:39:03 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/04 16:39:03 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/04 16:39:03 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/04 16:39:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/04 16:39:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/04 16:39:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 05:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 05:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 05:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2009/06/08 14:11:50 | 005,110,568 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2009/06/08 14:11:50 | 005,110,568 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2009/06/08 14:11:50 | 005,110,568 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2009/06/08 14:11:50 | 005,110,568 | ---- | M] (Apple Inc.)
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7DC5D762
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3E39C6A

< End of report >

Extras.txt file:

OTL Extras logfile created on: 2/5/2012 2:48:44 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.23 Mb Total Physical Memory | 281.91 Mb Available Physical Memory | 55.14% Memory free
1.21 Gb Paging File | 1.01 Gb Available in Paging File | 83.31% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 52.98 Gb Free Space | 47.40% Space Free | Partition Type: NTFS

Computer Name: USER-C0B1791970 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\ccapp.exe" = %windir%\system32\ccapp.exe:*:Enabled:System Process
"C:\Program Files\Shareaza\Shareaza.exe" = C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing
"C:\Program Files\BitTorrent\btdownloadgui.exe" = C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Grisoft\AVG7\avgw.exe" = C:\Program Files\Grisoft\AVG7\avgw.exe:*:Enabled:AVG Anti-Virus for Windows
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\lxcycoms.exe" = C:\WINDOWS\system32\lxcycoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Messaging)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard
"{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{12F367E7-DEEF-4115-A00A-A3EAEF96D9A6}" = ebgcRes
"{13AD768A-9E04-499D-AE80-967A65DCCBA5}" = ebgcSDK
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20ED157B-1A84-4DF7-945E-4951A38A9CBA}" = iPod Reset Utility
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{53C398FE-CD56-412E-B3C7-B27F4B8B07D1}" = Microsoft IntelliType Pro 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75852F49-2CAF-443F-B7C2-53DE5847DE56}" = OpenOffice.org 2.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80EFBB50-5B6C-4A9D-AFBC-C7664AFF252F}" = Digital Voice Recorder
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95E0E6DC-C308-4C96-BEDB-68C75A32FAF8}_is1" = Tetris
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Labtec WebCam Software
"{C5C649A8-1D21-4C83-9B08-7B3752E580F4}" = Safari
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adult Emoticons and Avatars" = Adult Emoticons and Avatars
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"All ATI Software" = ATI - Software Uninstall Utility
"Apophysis 2.0" = Apophysis 2.0
"ATI Display Driver" = ATI Display Driver
"Atlas des Sonnensystems" = 3D World Atlas
"Avi2Dvd" = Avi2Dvd 0.6.1
"AviSynth" = AviSynth 2.5
"BFGC" = Big Fish Games: Game Manager
"Black's Powered by RocketLife" = Black's Powered by RocketLife
"Block Checker" = Block Checker 1.0
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro_is1" = Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43_is1" = DVD43 v4.6.0
"ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]
"FreeCell Wizard_is1" = FreeCell Wizard version 3.0.1
"GoogleVideoPlayer" = Google Video Player
"GSpot" = GSpot Codec Information Appliance
"HaaliMkx" = Haali Media Splitter
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.5.3 Full
"Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.0
"Lexmark 3400 Series" = Lexmark 3400 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Toolbar" = MSN Toolbar
"MyWebSearch bar Uninstall" = My Web Search Bar
"Naevius GVI Converter_is1" = Naevius GVI Converter 1.4
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QcDrv" = Labtec® Camera Driver
"RM Converter_is1" = RM Converter 4.12
"Scribus 1.3.3" = Scribus 1.3.3.9
"ShockwaveFlash" = Macromedia Flash Player 8
"Super TextTwist" = Super TextTwist
"Tetris Arena" = Tetris Arena
"Tetris Revolution_is1" = Tetris Revolution 1.0
"Tetris4000" = Tetris4000
"Triptych_is1" = Triptych
"uncare10200" = Care2 Green Thumbs-Up
"uTorrent" = µTorrent
"VobSub" = VobSub v2.23 (Remove Only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinGTK-2_is1" = GTK+ 2.8.18-1 runtime environment
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMPG VideoConvert_is1" = WinMPG VideoConvert 6.7
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/31/2011 12:25:39 AM | Computer Name = USER-C0B1791970 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4593

Error - 7/31/2011 12:25:41 AM | Computer Name = USER-C0B1791970 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/31/2011 12:25:41 AM | Computer Name = USER-C0B1791970 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6765

Error - 7/31/2011 12:25:41 AM | Computer Name = USER-C0B1791970 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6765

Error - 7/31/2011 12:25:48 AM | Computer Name = USER-C0B1791970 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/31/2011 12:25:48 AM | Computer Name = USER-C0B1791970 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13218

Error - 7/31/2011 12:25:48 AM | Computer Name = USER-C0B1791970 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13218

Error - 11/10/2011 8:41:07 PM | Computer Name = USER-C0B1791970 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 3090, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section.

Error - 11/10/2011 8:41:07 PM | Computer Name = USER-C0B1791970 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The Error code is the first DWORD in Data section.

Error - 11/10/2011 8:41:11 PM | Computer Name = USER-C0B1791970 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 3090, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section.

[ System Events ]
Error - 1/29/2012 8:06:08 PM | Computer Name = USER-C0B1791970 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error - 1/29/2012 8:19:37 PM | Computer Name = USER-C0B1791970 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error - 1/29/2012 8:19:37 PM | Computer Name = USER-C0B1791970 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 29 minutes. NtpClient has no source of accurate time.

Error - 1/29/2012 8:32:36 PM | Computer Name = USER-C0B1791970 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error - 1/29/2012 8:32:36 PM | Computer Name = USER-C0B1791970 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

Error - 2/4/2012 6:28:03 PM | Computer Name = USER-C0B1791970 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2/5/2012 5:24:34 AM | Computer Name = USER-C0B1791970 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2/5/2012 2:17:23 PM | Computer Name = USER-C0B1791970 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2/5/2012 3:44:59 PM | Computer Name = USER-C0B1791970 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2/5/2012 3:55:12 PM | Computer Name = USER-C0B1791970 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

< End of report >
05-Feb-2012, 04:43 PM
#5
Ok, do the following:

Step 1
Re-Run

Step 2
Alternative D/L mirror
Alternative D/L mirror
Double Click mbam-setup.exe to install the application.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3
Download Security Check by screen317 from HERE or HERE. Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me see the following in your reply,

Kevin
05-Feb-2012, 06:00 PM
#6
alright, here's the info

OTS fix:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "MyStart Search" removed from browser.search.selectedEngine
Prefs.js: "http://mystart.incredibar.com/mb115/?loc=IB_DS&a=6PQnspU477&&i=26&search=" removed from keyword.URL
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ra8qohon.default\searchplugins\askcom.xml moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ra8qohon.default\searchplugins\MyStart Search.xml moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ra8qohon.default\searchplugins\scroogle-ssl.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\askcom.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk moved successfully.
C:\Documents and Settings\user\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\KIhtsxiWes deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\HlpSrv deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08AA84D9-CBF4-F2DD-3E1A-01F02C470590}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ws\s deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7DC5D762 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A3E39C6A deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\user\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\user\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 2046612 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 1980560 bytes
->Temporary Internet Files folder emptied: 774264286 bytes

User: user
->Temp folder emptied: 52341424 bytes
->Temporary Internet Files folder emptied: 362552974 bytes
->Java cache emptied: 76077965 bytes
->FireFox cache emptied: 71550844 bytes
->Apple Safari cache emptied: 30460928 bytes
->Flash cache emptied: 1992235 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2252395 bytes
%systemroot%\System32 .tmp files removed: 1265005 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 494205528 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 198492292 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 685085 bytes

Total Files Cleaned = 1,974.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 02052012_155535

Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.05.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: USER-C0B1791970 [administrator]

Protection: Enabled

2/5/2012 4:19:27 PM
mbam-log-2012-02-05 (16-19-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 167973
Time elapsed: 12 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 94
HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKCR\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{7473D290-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKCR\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2EEB4FA-B6D6-41B9-9CFA-ABA87F862BCB} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} (Adware.Starware) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5} (Adware.Starware) -> Quarantined and deleted successfully.
HKCR\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCR\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\TYPELIB (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKCU\System\CurrentControlSet\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKCU\System\CurrentControlSet\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKLM\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Detected: 3 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad| SystemCheck2 (Trojan.Agent) -> Data: 0 -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (Adware.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\5.bin\F3SCRCTR.DLL -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 16 C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\SrchAstt\5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. Files Detected: 35 C:\Documents and Settings\user\My Documents\Downloads\SoftonicDownloader_for_super-texttwist.exe (PUP.BundleOffer.Downloader.S) -> No action taken. C:\Program Files\FunWebProducts\ScreenSaver\Images\2FB8B50D.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Shared\0224E16D.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\5.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\5.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\5.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\5.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\5.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Cache\00032B86 (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Cache\000F10C0.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Cache\000F1246.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Cache\000F1360.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Cache\000F1469.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Cache\000F1554.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
C:\Program Files\MyWebSearch\bar\Cache\000F163E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Cache\000F1728.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Cache\000F1832.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Cache\00131010.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Cache\00131149.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Cache\00131253.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Cache\028934D6.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Cache\028935A1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Cache\0289364D.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
(end)

Security Check:

Results of screen317's Security Check version 0.99.30
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
iPod Reset Utility
ZoneAlarm Extreme Security
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 17
Java version out of date!
Adobe Flash Player 11.1.102.55
Mozilla Firefox (9.0.1)
Mozilla Thunderbird 3.1.2
Thunderbird out of Date!
````````````````````````````````
Process Check: objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

I have to run out for a bit, so if I'm delayed on my next reply, that's why. (I realize you're probably helping a bunch of people right now, so it probably doesn't matter, but just in case...) A question though (since I scanned all that stuff I just posted and it's looking promising to my untrained eye) -- if this is fixed for my desktop, can I do similar actions for my laptop (but it's far newer and running Windows 7), or do I need to if it isn't connected to the net? And can I transfer the .exe files for this fix to it and run them that way?
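The Malwarebytes log above is long enough that the one item left in place (the Softonic downloader marked "No action taken") is easy to miss when reading by eye. As an added example, not part of this thread and not Malwarebytes' own tooling, here is a small Python triage script for a log in that format. It assumes the entry grammar visible in the posted log (item, threat family in parentheses, then the action, with registry values carrying a "Data:" segment between them) and treats only "Quarantined and deleted successfully" as resolved; the sample log embedded below is constructed from a few of the entries above. Run over a saved mbam-log text file, it gives a count per threat family, a list of anything not removed, and a check that each section's header count matches the entries actually present, which catches a log mangled by copy-and-paste.

```python
"""Triage helper for a Malwarebytes' Anti-Malware (MBAM) detection log.

Added example for this thread, not MBAM's own code. It assumes the log grammar
visible in the posted log: headers such as "Files Detected: 35", then one entry
per line:  <registry key or path> (<threat family>) -> <action>.
Registry values carry an extra "-> Data: <value>" segment before the action.
"""
import re
from collections import Counter

# Section header, e.g. "Registry Values Detected: 3".
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")

# One detection entry. Regex backtracking lets a path that itself contains
# parentheses (e.g. "Program Files (x86)") still parse correctly.
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\)"   # item, then (Threat.Family)
    r"(?: -> Data:(?P<data>.*?))?"             # optional Data: segment (registry values)
    r" -> (?P<action>.+?)\.?$"                 # final action, trailing period optional
)

# The only action in the posted log that means the item is gone; anything else
# ("No action taken." in the thread) is flagged for a human look.
RESOLVED_ACTION = "Quarantined and deleted successfully"

# Constructed sample: a few entries copied from the log posted above, including
# the one PUP that MBAM left in place and the three registry-value shapes.
SAMPLE_LOG = r"""
Registry Keys Detected: 2
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\System\CurrentControlSet\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad|SystemCheck2 (Trojan.Agent) -> Data: 0 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (Adware.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\5.bin\F3SCRCTR.DLL -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 1
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Files Detected: 2
C:\Documents and Settings\user\My Documents\Downloads\SoftonicDownloader_for_super-texttwist.exe (PUP.BundleOffer.Downloader.S) -> No action taken.
C:\Program Files\MyWebSearch\bar\5.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
(end)
""".strip()


def parse_mbam_log(text):
    """Return (declared_counts, detections): the per-section counts MBAM printed
    in its headers, and one dict per parsed entry."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)" or line.startswith("(No malicious"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        m = DETECTION_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised log line: {line!r}")
        data = m.group("data")
        action = m.group("action").strip()
        detections.append({
            "section": section,
            "item": m.group("item"),
            "family": m.group("family"),
            "data": data.strip() if data is not None else None,
            "action": action,
            "resolved": action.startswith(RESOLVED_ACTION),
        })
    return declared, detections


def summarize(detections):
    """Count entries per threat family and collect everything not removed."""
    by_family = Counter(d["family"] for d in detections)
    unresolved = [d for d in detections if not d["resolved"]]
    return by_family, unresolved


def count_mismatches(declared, detections):
    """Sections whose header count differs from the entries actually parsed;
    a mismatch means the pasted log was truncated or mangled."""
    seen = Counter(d["section"] for d in detections)
    return {s: (n, seen.get(s, 0)) for s, n in declared.items() if seen.get(s, 0) != n}


if __name__ == "__main__":
    declared, detections = parse_mbam_log(SAMPLE_LOG)
    by_family, unresolved = summarize(detections)
    for family, n in by_family.most_common():
        print(f"{n:3d}  {family}")
    for d in unresolved:
        print(f"NEEDS REVIEW ({d['action']}): {d['item']}")
    for section, (declared_n, seen_n) in count_mismatches(declared, detections).items():
        print(f"WARNING: {section}: header says {declared_n}, parsed {seen_n}")
```

To use it on a real log, read the saved mbam-log text file into a string and pass that to parse_mbam_log instead of SAMPLE_LOG. Anything it reports under NEEDS REVIEW is exactly the kind of leftover that a second scan or a manual removal should deal with before the thread is marked solved.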
05-Feb-2012, 06:25 PM
#7
I'm in the UK my friend, local time for me is 11:15 PM. I've had some really late ones recently, I do not intend being online late tonight. OK, do the following:

Step 1

Step 2
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older, more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 30.

Let me know if those steps complete OK, also give an update on any remaining issues or concerns. Regarding your laptop, it is never a good idea to use a fix that was designed for a specific system, even if it has similar symptoms. Always run the scans suggested by the sticky at the top of the forum, start a new thread and post the requested logs.
05-Feb-2012, 10:51 PM
#8
Oh, I didn't expect you to stay online or anything, just thought I should mention it. (Though I didn't realize you were in the UK either.) I did the clean-up and installed Java and rebooted, and all seems alright now -- I see no remnants of the search bar, nor is it showing up as an option in my toolbar search box. As for the laptop, I'll do what you said and start a new thread if I have an issue. Thanks for all your help!
06-Feb-2012, 02:30 AM
#9
I wasn't suggesting that you expected me to stay up for you, although I usually do if I know the person I'm helping is still online. I do realize how frustrating it can be trying to get rid of these nuisance applications. I'd had several really late ones recently and was just too tired.

Good to hear your system is back to normal for you. If no more issues, here are some tips to reduce the potential for malware infection in the future.

Make proper use of your antivirus and firewall
Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware; if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important. You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use WinPatrol
This will inform you of any attempted unauthorized changes to your system. WinPatrol features explained Here.

You will have several programs installed; these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here. Before clicking the Start scan* button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing. When the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives: Firefox, Opera, and Chrome. All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones: Green to go, Yellow for caution, and Red to stop. Available for Firefox and Internet Explorer.

NoScript (available for Firefox only) helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons; if you're interested in more, take a look at THIS article.

Here are a couple of links by two security experts that will give some excellent tips and advice:
So how did I get infected in the first place by Tony Klein
How to prevent Malware by Miekiemoes

Finally, this link HERE will give a comprehensive, up to date list of free Security programs, to include Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

If you are OK to close, hit the "Mark Solved" tab at the top of the thread.

Take care,
Kevin
06-Feb-2012, 03:13 PM
#10
Wow -- thanks for all that info! I've tried looking for different types of antivirus, etc. programs, but I'm never sure which are best... right now I've been using ZoneAlarm, which comes courtesy of my net provider, but it REALLY slows down my system and doesn't seem to catch everything, even when updated (given that this slipped by... it says it's antivirus & spyware; I'm assuming this fell into that category...) Thanks again for all the help! I'll mark it as solved now.
12-Feb-2012, 07:43 PM
#12
Hi again -- I'm sorry to be back. I opened IE today (because I was having problems loading a page in FF) and it asked me if I wanted to switch my search to MySearch by Incredibar. I closed and re-opened, and while I've selected Ask as the search, the MySearch icon is still there. Is this a problem? Why would it not disappear with the previous fix? Is there some way to get rid of it? I have not downloaded anything since I started this thread, so I'm not sure what the problem is. Thanks, April
12-Feb-2012, 07:49 PM
#13
Actually, I went into Tools > Manage Add-ons > Search Providers and while it listed MySearch, it said "Not Available" beside it, so I selected and removed it, and it isn't showing up as an option anymore, so hopefully it was just because I hadn't used IE since the fix. If you know that this is the case, I'll close this thread again. Thanks, April
13-Feb-2012, 01:57 AM
#14
Hiya April, you are correct with your reasoning for Internet Explorer. You also mention "Ask"; that is not to be trusted, specifically any toolbars or browser helpers. Uninstall whatever you have on your system related to "Ask" or "Conduit". If you have problems or cannot remove them, let me know. Kevin
13-Feb-2012, 09:53 PM
#15
Glad I checked -- it's only on my IE, so hopefully removing it goes well. I guess you'll hear from me if it doesn't. (And I do not have Conduit... though maybe I better double-check that.) Thanks!