Jump to content

Recommended Posts

I had that annoying "Vista Antivirus 2012" on my computer just a few minutes ago. My computer started displaying the "windows needs your permission to open..." window over and over, I couldn't control it; I had to reboot. I ran malewarebytes, updated, scanned, found a few infected objects, clicked "remove," and rebooted. I'm not experiencing any problems now, but I still wanted to post these logs just to be sure this time. I had a similar problem less than a month a ago; in that instance I didn't actually identify the fake scanner itself (not sure if it was antivirus 2012 or not), but I had the same window popping up frantically asking for my permission to proceed with something. It's the same window that pops up when I run programs like malwarebytes or firefox, so the window is normal, but the infection causes it to pop up frantically to where I have to reboot. That time I did the same thing: ran malewarebytes, found some infections, and after removal everything was fine.

I'm worried that maybe this entire time I still had some kind of infection that just wasn't showing any symptoms; and this episode was caused by something hiding on my computer. I don't really understand how viruses work or how safe my system is after using malewarebytes. My case isn't severe, so if you have to prioritize people with more severe infections, take your time. I think I have it under control, I just want some advice as to whether or not I might still have an infection.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_26

Run by Jeremy at 6:47:44 on 2011-12-17

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.1245 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

uWindow Title = Internet Explorer, optimized for Bing and MSN

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\jeremy\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{539DFFD9-A65A-4A7E-B98F-D63CEA452D90} : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\jeremy\appdata\roaming\mozilla\firefox\profiles\wak466kp.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Zwangi: {DFF722C4-4A11-41A7-9939-C83A06B09897} - c:\program files\mozilla firefox\extensions\{DFF722C4-4A11-41A7-9939-C83A06B09897}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com

.

============= SERVICES / DRIVERS ===============

.

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-22 21504]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-17 41272]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1c9c2201c686ef0;Google Update Service (gupdate1c9c2201c686ef0);c:\program files\google\update\GoogleUpdate.exe [2009-4-20 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-20 133104]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-12-17 11:45:41 -------- d-----w- c:\users\jeremy\NathalieSet

2011-12-17 11:24:05 325632 ----a-w- c:\users\jeremy\appdata\local\iry.exe

2011-12-16 08:15:24 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9ecad291-ff74-4db8-92ec-71cdc667f946}\offreg.dll

2011-12-16 07:03:57 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9ecad291-ff74-4db8-92ec-71cdc667f946}\mpengine.dll

2011-12-14 23:40:00 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-11-26 01:28:11 -------- d-----w- c:\program files\Hide My IP

.

==================== Find3M ====================

.

2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll

2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll

2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec

2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-14 16:02:19 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-09-24 11:50:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-20 21:02:55 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-04-20 10:59:29 7349664 ----a-w- c:\program files\FLV PlayerATBSetup.exe

2000-12-08 14:42:14 2154496 ------w- c:\program files\DjVuSolo.exe

.

============= FINISH: 6:50:11.64 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Business

Boot Device: \Device\HarddiskVolume1

Install Date: 4/20/2009 3:09:37 AM

System Uptime: 12/17/2011 6:38:17 AM (0 hours ago)

.

Motherboard: COMPAL | | HEL8X

Processor: Intel® Core2 CPU T7200 @ 2.00GHz | U2E1 | 1000/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 112 GiB total, 2.757 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Fingerprint Sensor

Device ID: USB\VID_08FF&PID_2580\5&370FB039&0&2

Manufacturer:

Name: Fingerprint Sensor

PNP Device ID: USB\VID_08FF&PID_2580\5&370FB039&0&2

Service:

.

Class GUID:

Description: PCI FLASH Memory

Device ID: PCI\VEN_1524&DEV_0551&SUBSYS_002014C0&REV_01\4&6D53DFB&0&24F0

Manufacturer:

Name: PCI FLASH Memory

PNP Device ID: PCI\VEN_1524&DEV_0551&SUBSYS_002014C0&REV_01\4&6D53DFB&0&24F0

Service:

.

==== System Restore Points ===================

.

RP999: 12/17/2011 1:44:12 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

AAC Decoder

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.0.1)

Apple Software Update

Applian FLV Player

ASUS WebCam, 1.3M, USB2.0, FF

Authentec WBDI Driver Package

AutoUpdate

Bing Bar

DivX Codec

DivX Plus DirectShow Filters

DivX Version Checker

DivX Web Player

DjVu Solo 3.1

ESET Online Scanner v3

ffdshow (remove only)

Free FLV Converter V 6.7.4

Google Chrome

Google Earth

Google Update Helper

Google Updater

H.264 Decoder

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Image Grabber II

Inbox Toolbar

IrfanView (remove only)

Java Auto Updater

Java 6 Update 26

JDownloader

Malwarebytes' Anti-Malware version 1.51.1.1800

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

MKV Splitter

Mozilla Firefox (3.6.24)

NVIDIA Drivers

QuickTime

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

The KMPlayer (remove only)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

VC80CRTRedist - 8.0.50727.762

VLC media player 1.1.5

WIN7TS

Windows Media Player Firefox Plugin

WinRAR archiver

WinZip 12.1

.

==== End Of File ===========================

Link to post
Share on other sites

It looks like my computer was attacked again. My computer displayed the "windows needs permission to proceed..." popup over and over. I rebooted, ran malwarebytes, and then I saved this log before I had it remove the infected objects. Whatever it is has attacked my computer 3 times in the last month, I can't figure out where it's coming from.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 911122202

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19170

12/22/2011 12:27:52 PM

mbam-log-2011-12-22 (12-27-41)mostrecent

Scan type: Quick scan

Objects scanned: 159967

Time elapsed: 6 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{80730390-5344-2267-3014-721455571877} (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Jeremy\AppData\Local\temp\zvo.dll (Trojan.FakeAlert) -> No action taken.

c:\Users\Jeremy\local settings\application data\oij.exe (Trojan.ExeShell.Gen) -> No action taken.

Link to post
Share on other sites

Welcome to the forum.

See if following this guide works.

if not...........

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Link to post
Share on other sites

Thanks for your response.

I don't know if I've removed all threats entirely with malwarebytes. The only strange behavior right now is that my computer seems to be overheating more rapidly, even when elevated and put to a fan. The problem seems to surface when I'm running internet explorer, I haven't experienced overheating in firefox yet. I'm thinking that maybe there could be processes running that I don't know about also. I can view processes in the tasks manager, but I'm not knowledgeable enough to assess if there's anything abnormal myself. I really just need to know if I'm infected, and maybe some advice regarding the heating issue, and if it's related to any infection.

After running malwarebyes, all other signs of infection are gone. However, I've been through this already, and the problem scanners seem to return. I've had these scanners appear 3 times in the last month, even though I run malwarebytes (after updating), and remove all infected objects. I can't associate it with any of my online activity, I think there might have been something left (undetected by malwarebytes) on my computer since the first scanner appeared about a month ago.

I can only get the OTL.txt log file to appear. The other file Extra.txt does not appear either opened or minimized. I attempted two scans just to make sure. I don't see it anywhere. Here is the OTL.txt file:

OTL logfile created on: 12/22/2011 5:33:02 PM - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jeremy\Downloads

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19170)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.28% Memory free

3.58 Gb Paging File | 2.52 Gb Available in Paging File | 70.42% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 111.79 Gb Total Space | 2.00 Gb Free Space | 1.79% Space Free | Partition Type: NTFS

Computer Name: JEREMY-PC | User Name: Jeremy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/22 17:17:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Downloads\OTL.exe

PRC - [2011/12/22 17:13:28 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2009/05/11 11:10:00 | 000,525,640 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE

PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/01/19 02:33:19 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE

========== Modules (No Company Name) ==========

MOD - [2011/12/22 17:13:28 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll

MOD - [2009/04/11 01:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

========== Driver Services (SafeList) ==========

DRV - [2008/01/19 02:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)

DRV - [2008/01/18 23:25:05 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®

DRV - [2007/09/12 04:28:00 | 007,623,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2006/11/02 02:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/11/02 02:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2006/03/22 14:53:54 | 010,220,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)

DRV - [2006/02/16 09:55:12 | 000,060,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1283384886-3572611219-3676154362-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-1283384886-3572611219-3676154362-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - HKU\S-1-5-21-1283384886-3572611219-3676154362-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-1283384886-3572611219-3676154362-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"

FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=ZUGO&form=ZGAPHP"

FF - prefs.js..extensions.enabledItems: {DFF722C4-4A11-41A7-9939-C83A06B09897}:1.0

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2

FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 17:13:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/22 17:13:38 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E452E347-F781-42AD-BCEA-1495CD41DF92}: C:\Users\Jeremy\AppData\Local\{E452E347-F781-42AD-BCEA-1495CD41DF92}

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F96E761B-599F-4ADD-844F-E0D5C06184E9}: C:\Users\Jeremy\AppData\Local\{F96E761B-599F-4ADD-844F-E0D5C06184E9}\

[2011/02/03 04:40:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Extensions

[2011/12/22 17:24:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\wak466kp.default\extensions

[2011/02/27 02:43:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\wak466kp.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}

[2011/02/03 04:57:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\wak466kp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/02/07 23:37:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\wak466kp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011/03/13 08:34:51 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\wak466kp.default\extensions\searchtoolbar@zugo.com

[2011/03/13 08:34:52 | 000,001,919 | ---- | M] () -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\wak466kp.default\searchplugins\bing-zugo.xml

[2011/06/13 18:10:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/05/21 10:49:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

[2011/06/13 18:10:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2009/09/02 21:47:15 | 000,000,000 | ---D | M] (Zwangi) -- C:\Program Files\Mozilla Firefox\extensions\{DFF722C4-4A11-41A7-9939-C83A06B09897}

[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2009/08/13 17:57:33 | 000,002,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zwangi121.xml

[2009/09/02 21:47:15 | 000,002,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zwangi125.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll

CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

Hosts file not found

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)

O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)

O3 - HKU\S-1-5-21-1283384886-3572611219-3676154362-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-1283384886-3572611219-3676154362-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O3 - HKU\S-1-5-21-1283384886-3572611219-3676154362-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\S-1-5-21-1283384886-3572611219-3676154362-1000\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)

O4 - HKU\S-1-5-21-1283384886-3572611219-3676154362-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1283384886-3572611219-3676154362-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1283384886-3572611219-3676154362-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{539DFFD9-A65A-4A7E-B98F-D63CEA452D90}: DhcpNameServer = 209.18.47.61 209.18.47.62

O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-1283384886-3572611219-3676154362-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/22 14:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2011/12/22 14:52:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011/12/22 13:24:26 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\equation2

[2011/12/22 12:44:41 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\ally

[2011/12/19 10:19:34 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\NewTKS

[2011/12/04 05:35:18 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Issue43

[2011/11/25 20:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Hide My IP

[2009/06/17 05:58:15 | 002,154,496 | ---- | C] (LizardTech, Inc.) -- C:\Program Files\DjVuSolo.exe

[2005/11/23 13:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll

[4 C:\Users\Jeremy\Desktop\*.tmp files -> C:\Users\Jeremy\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/22 17:22:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/12/22 17:13:05 | 000,027,430 | ---- | M] () -- C:\Users\Jeremy\AppData\Roaming\nvModes.001

[2011/12/22 17:12:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/12/22 17:12:33 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/12/22 17:12:33 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/12/22 17:12:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/12/22 17:12:21 | 2145,378,304 | -HS- | M] () -- C:\hiberfil.sys

[2011/12/22 17:06:48 | 178,975,498 | ---- | M] () -- C:\Users\Jeremy\Desktop\mISsy12-360.wmv

[2011/12/22 17:05:07 | 000,054,272 | ---- | M] () -- C:\Users\Jeremy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/12/22 17:03:56 | 592,688,859 | ---- | M] () -- C:\Users\Jeremy\Desktop\mISsy12-720.wmv

[2011/12/22 16:57:00 | 000,065,511 | ---- | M] () -- C:\Users\Jeremy\Desktop\missy12.gif

[2011/12/22 16:56:22 | 000,067,579 | ---- | M] () -- C:\Users\Jeremy\Desktop\missy12th1.gif

[2011/12/22 16:56:21 | 000,040,017 | ---- | M] () -- C:\Users\Jeremy\Desktop\missy12th2.gif

[2011/12/22 16:29:49 | 003,132,695 | ---- | M] () -- C:\Users\Jeremy\Desktop\sim004.gif

[2011/12/22 14:52:42 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011/12/22 14:15:35 | 000,133,059 | ---- | M] () -- C:\Users\Jeremy\Desktop\eq.jpg

[2011/12/22 13:36:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2011/12/22 12:57:03 | 000,000,965 | ---- | M] () -- C:\Users\Jeremy\Desktop\mbam-log-2011-12-22 (12-56-52)recent2

[2011/12/22 12:55:45 | 000,001,887 | ---- | M] () -- C:\Users\Jeremy\Desktop\alydesc.rtf

[2011/12/22 12:18:45 | 000,001,546 | -HS- | M] () -- C:\Users\Jeremy\AppData\Local\mvyfqw4x8ehs1mvg3nuh1c010r5u

[2011/12/22 12:18:45 | 000,001,546 | -HS- | M] () -- C:\ProgramData\mvyfqw4x8ehs1mvg3nuh1c010r5u

[2011/12/22 07:19:58 | 000,043,371 | ---- | M] () -- C:\Users\Jeremy\Desktop\Newlist.rtf

[2011/12/22 07:17:54 | 000,000,162 | -H-- | M] () -- C:\Users\Jeremy\Desktop\~$w list.rtf

[2011/12/21 00:39:25 | 000,150,839 | ---- | M] () -- C:\Users\Jeremy\apowsnaps.jpg

[2011/12/21 00:24:13 | 000,180,173 | ---- | M] () -- C:\Users\Jeremy\polishbanner.jpg

[2011/12/21 00:03:36 | 104,566,449 | ---- | M] () -- C:\Users\Jeremy\firstlady-WMV-1.wmv

[2011/12/21 00:02:28 | 144,067,941 | ---- | M] () -- C:\Users\Jeremy\Leslie-WMV-1.wmv

[2011/12/20 23:58:46 | 153,121,093 | ---- | M] () -- C:\Users\Jeremy\Pow-WMV-1.wmv

[2011/12/20 23:44:47 | 000,007,883 | ---- | M] () -- C:\Users\Jeremy\Desktop\apow1.jpg

[2011/12/20 23:26:26 | 159,054,063 | ---- | M] () -- C:\Users\Jeremy\JenniDynamic-WMV-1.wmv

[2011/12/20 23:18:28 | 000,000,598 | ---- | M] () -- C:\Users\Jeremy\Desktop\idol.rtf

[2011/12/19 09:41:48 | 000,000,547 | ---- | M] () -- C:\Users\Jeremy\Desktop\WANT LIST DEC.rtf

[2011/12/18 05:09:51 | 018,190,404 | ---- | M] () -- C:\Users\Jeremy\The CORRS - Breathless (HD 480p).mp4

[2011/12/18 04:50:17 | 016,295,849 | ---- | M] () -- C:\Users\Jeremy\Braveheart End.flv

[2011/12/17 06:31:00 | 000,007,884 | -HS- | M] () -- C:\Users\Jeremy\AppData\Local\7c57mo6h56m738

[2011/12/17 06:31:00 | 000,007,884 | -HS- | M] () -- C:\ProgramData\7c57mo6h56m738

[2011/12/16 19:27:39 | 000,000,597 | ---- | M] () -- C:\Users\Jeremy\institutional constraints.rtf

[2011/12/16 17:57:24 | 147,344,525 | ---- | M] () -- C:\Users\Jeremy\jan1.wmv

[2011/12/15 17:06:42 | 000,007,966 | ---- | M] () -- C:\Users\Jeremy\Desktop\step.rtf

[2011/12/15 03:53:20 | 000,000,282 | ---- | M] () -- C:\Users\Jeremy\Desktop\youtube smilies.rtf

[2011/12/15 03:25:00 | 000,264,816 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/12/14 00:40:07 | 000,163,492 | ---- | M] () -- C:\Users\Jeremy\Lol.jpg

[2011/12/14 00:39:12 | 000,154,492 | ---- | M] () -- C:\Users\Jeremy\Lol2.jpg

[2011/12/14 00:38:09 | 000,174,103 | ---- | M] () -- C:\Users\Jeremy\Lol3.jpg

[2011/12/13 17:25:43 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2011/12/12 22:08:19 | 000,000,589 | ---- | M] () -- C:\Users\Jeremy\integrals.rtf

[2011/12/12 16:36:11 | 000,000,541 | ---- | M] () -- C:\Users\Jeremy\Desktop\filips list.rtf

[2011/12/12 16:35:45 | 000,004,728 | ---- | M] () -- C:\Users\Jeremy\Desktop\the objections.rtf

[2011/12/08 13:09:08 | 122,455,226 | ---- | M] () -- C:\Users\Jeremy\custom.wmv

[2011/12/05 19:52:25 | 104,704,987 | ---- | M] () -- C:\Users\Jeremy\wah.wmv

[2011/12/05 18:58:03 | 080,612,961 | ---- | M] () -- C:\Users\Jeremy\Back To Back.mp4

[2011/12/05 02:44:24 | 000,041,573 | ---- | M] () -- C:\Users\Jeremy\Desktop\Thread.rtf

[2011/12/03 02:16:57 | 000,000,800 | ---- | M] () -- C:\Users\Jeremy\Desktop\next post.rtf

[2011/12/01 14:01:45 | 000,000,162 | -H-- | M] () -- C:\Users\Jeremy\Desktop\~$nt list.rtf

[2011/12/01 13:23:55 | 000,000,863 | ---- | M] () -- C:\Users\Jeremy\Desktop\want list.rtf

[2011/12/01 01:56:31 | 000,001,500 | ---- | M] () -- C:\Users\Jeremy\Desktop\passwordprop.rtf

[2011/11/30 18:16:41 | 000,033,199 | ---- | M] () -- C:\Users\Jeremy\Desktop\firstprop.rtf

[2011/11/29 23:16:19 | 000,027,430 | ---- | M] () -- C:\Users\Jeremy\AppData\Roaming\nvModes.dat

[2011/11/26 16:33:23 | 000,000,599 | ---- | M] () -- C:\Users\Jeremy\

[2011/11/25 22:32:05 | 091,627,478 | ---- | M] () -- C:\Users\Jeremy\Desktop\under_the_bridge.m4v

[4 C:\Users\Jeremy\Desktop\*.tmp files -> C:\Users\Jeremy\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/22 17:06:46 | 178,975,498 | ---- | C] () -- C:\Users\Jeremy\Desktop\mISsy12-360.wmv

[2011/12/22 17:03:10 | 592,688,859 | ---- | C] () -- C:\Users\Jeremy\Desktop\mISsy12-720.wmv

[2011/12/22 16:57:18 | 000,040,017 | ---- | C] () -- C:\Users\Jeremy\Desktop\missy12th2.gif

[2011/12/22 16:57:13 | 000,067,579 | ---- | C] () -- C:\Users\Jeremy\Desktop\missy12th1.gif

[2011/12/22 16:57:09 | 000,065,511 | ---- | C] () -- C:\Users\Jeremy\Desktop\missy12.gif

[2011/12/22 16:29:46 | 003,132,695 | ---- | C] () -- C:\Users\Jeremy\Desktop\sim004.gif

[2011/12/22 14:52:42 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011/12/22 14:52:41 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2011/12/22 14:15:32 | 000,133,059 | ---- | C] () -- C:\Users\Jeremy\Desktop\eq.jpg

[2011/12/22 12:57:03 | 000,000,965 | ---- | C] () -- C:\Users\Jeremy\Desktop\mbam-log-2011-12-22 (12-56-52)recent2

[2011/12/22 12:55:45 | 000,001,887 | ---- | C] () -- C:\Users\Jeremy\Desktop\alydesc.rtf

[2011/12/22 12:18:33 | 000,001,546 | -HS- | C] () -- C:\Users\Jeremy\AppData\Local\mvyfqw4x8ehs1mvg3nuh1c010r5u

[2011/12/22 12:18:33 | 000,001,546 | -HS- | C] () -- C:\ProgramData\mvyfqw4x8ehs1mvg3nuh1c010r5u

[2011/12/22 07:17:54 | 000,000,162 | -H-- | C] () -- C:\Users\Jeremy\Desktop\~$w list.rtf

[2011/12/21 00:24:12 | 000,180,173 | ---- | C] () -- C:\Users\Jeremy\polishbanner.jpg

[2011/12/21 00:22:34 | 000,150,839 | ---- | C] () -- C:\Users\Jeremy\apowsnaps.jpg

[2011/12/21 00:03:36 | 104,566,449 | ---- | C] () -- C:\Users\Jeremy\firstlady-WMV-1.wmv

[2011/12/21 00:02:27 | 144,067,941 | ---- | C] () -- C:\Users\Jeremy\Leslie-WMV-1.wmv

[2011/12/21 00:00:06 | 000,007,883 | ---- | C] () -- C:\Users\Jeremy\Desktop\apow1.jpg

[2011/12/20 23:58:46 | 153,121,093 | ---- | C] () -- C:\Users\Jeremy\Pow-WMV-1.wmv

[2011/12/20 23:26:25 | 159,054,063 | ---- | C] () -- C:\Users\Jeremy\JenniDynamic-WMV-1.wmv

[2011/12/20 23:18:24 | 000,000,598 | ---- | C] () -- C:\Users\Jeremy\Desktop\idol.zip

[2011/12/19 09:41:48 | 000,000,547 | ---- | C] () -- C:\Users\Jeremy\Desktop\WANT LIST DEC.rtf

[2011/12/18 05:09:36 | 018,190,404 | ---- | C] () -- C:\Users\Jeremy\The CORRS - Breathless (HD 480p).mp4

[2011/12/18 04:50:17 | 016,295,849 | ---- | C] () -- C:\Users\Jeremy\Braveheart End.flv

[2011/12/17 06:24:05 | 000,007,884 | -HS- | C] () -- C:\Users\Jeremy\AppData\Local\7c57mo6h56m738

[2011/12/17 06:24:05 | 000,007,884 | -HS- | C] () -- C:\ProgramData\7c57mo6h56m738

[2011/12/16 23:10:42 | 000,043,371 | ---- | C] () -- C:\Users\Jeremy\Desktop\New list.rtf

[2011/12/16 19:27:35 | 000,000,597 | ---- | C] () -- C:\Users\Jeremy\institutional constraints.rtf

[2011/12/16 17:57:24 | 147,344,525 | ---- | C] () -- C:\Users\Jeremy\jan1.wmv

[2011/12/15 17:06:42 | 000,007,966 | ---- | C] () -- C:\Users\Jeremy\Desktop\steph.rtf

[2011/12/15 03:53:20 | 000,000,282 | ---- | C] () -- C:\Users\Jeremy\Desktop\youtube smilies.rtf

[2011/12/14 00:40:06 | 000,163,492 | ---- | C] () -- C:\Users\Jeremy\Lol.jpg

[2011/12/14 00:39:11 | 000,154,492 | ---- | C] () -- C:\Users\Jeremy\Lol2.jpg

[2011/12/14 00:38:08 | 000,174,103 | ---- | C] () -- C:\Users\Jeremy\Lol3.jpg

[2011/12/12 22:08:16 | 000,000,589 | ---- | C] () -- C:\Users\Jeremy\integrals.rtf

[2011/12/12 00:40:33 | 000,004,728 | ---- | C] () -- C:\Users\Jeremy\Desktop\the objections.rtf

[2011/12/11 20:53:08 | 000,000,541 | ---- | C] () -- C:\Users\Jeremy\Desktop\filips list.rtf

[2011/12/08 13:09:02 | 122,455,226 | ---- | C] () -- C:\Users\Jeremy\custom.wmv

[2011/12/05 19:52:10 | 104,704,987 | ---- | C] () -- C:\Users\Jeremy\wah806.wmv

[2011/12/05 18:58:02 | 080,612,961 | ---- | C] () -- C:\Users\Jeremy\Back To Back.mp4

[2011/12/03 03:38:52 | 000,041,573 | ---- | C] () -- C:\Users\Jeremy\Desktop\Thread.rtf

[2011/12/03 02:16:57 | 000,000,800 | ---- | C] () -- C:\Users\Jeremy\Desktop\next oron post.rtf

[2011/12/01 14:01:45 | 000,000,162 | -H-- | C] () -- C:\Users\Jeremy\Desktop\~$nt list.rtf

[2011/12/01 04:56:41 | 000,000,863 | ---- | C] () -- C:\Users\Jeremy\Desktop\want list.rtf

[2011/12/01 01:56:31 | 000,001,500 | ---- | C] () -- C:\Users\Jeremy\Desktop\passwordprop.rtf

[2011/11/27 15:52:42 | 000,033,199 | ---- | C] () -- C:\Users\Jeremy\Desktop\firstprop.rtf

[2011/11/26 16:33:18 | 000,000,599 | ---- | C] () -- C:\Users\Jeremy\s.zip

[2011/11/25 22:31:59 | 091,627,478 | ---- | C] () -- C:\Users\Jeremy\Desktop\under_the_bridge.m4v

[2011/05/05 21:10:15 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2011/05/05 21:10:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/05/05 21:10:15 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe

[2011/05/05 21:10:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/05/05 21:10:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/05/05 19:01:24 | 000,002,736 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\1FBA.696

[2011/02/27 04:51:50 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2010/12/02 03:10:20 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2010/12/01 18:55:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2010/12/01 18:55:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2010/12/01 18:54:34 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2010/02/24 07:52:05 | 000,484,257 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat

[2010/02/24 06:00:19 | 000,000,552 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\d3d8caps.dat

[2010/02/24 03:42:41 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old

[2010/02/24 01:30:49 | 000,008,328 | -HS- | C] () -- C:\Users\Jeremy\AppData\Local\iHFx3

[2009/06/17 05:58:15 | 000,036,505 | ---- | C] () -- C:\Program Files\Uninst.isu

[2009/04/20 08:12:08 | 000,027,430 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\nvModes.001

[2009/04/20 06:27:40 | 000,027,430 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\nvModes.dat

[2009/04/20 05:59:21 | 007,349,664 | ---- | C] () -- C:\Program Files\FLV PlayerATBSetup.exe

[2009/04/19 23:58:24 | 000,054,272 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/04/19 23:14:48 | 000,001,356 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\d3d9caps.dat

[2006/11/02 07:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 07:47:43 | 000,264,816 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006/03/22 14:53:54 | 010,220,032 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys

[2006/03/09 16:47:34 | 000,000,696 | ---- | C] () -- C:\Windows\ASUSCAM.ini

[2004/12/09 17:23:10 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini

[2002/07/05 09:12:06 | 000,027,136 | ---- | C] () -- C:\Windows\System32\authdvd.dll

========== LOP Check ==========

[2011/04/14 20:50:11 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\06FA499A75ADAC50907B1D0D980C374C

[2009/07/28 23:32:15 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\DMCache

[2009/11/13 15:07:02 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\FreeFLVConverter

[2009/06/09 21:24:01 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\GetRightToGo

[2009/07/28 23:33:55 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\IDM

[2009/04/20 00:31:48 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\IrfanView

[2009/07/09 23:39:52 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Runiter

[2011/03/02 14:12:17 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Video Converter for Any Flv Player

[2011/12/22 12:57:24 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:B879A65B

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:2B11E0DF

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

Link to post
Share on other sites

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKU\S-1-5-21-1283384886-3572611219-3676154362-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1283384886-3572611219-3676154362-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-1283384886-3572611219-3676154362-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    O37 - HKU\S-1-5-21-1283384886-3572611219-3676154362-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
    [2011/12/22 12:18:45 | 000,001,546 | -HS- | M] () -- C:\Users\Jeremy\AppData\Local\mvyfqw4x8ehs1mvg3nuh1c010r5u
    [2011/12/22 12:18:45 | 000,001,546 | -HS- | M] () -- C:\ProgramData\mvyfqw4x8ehs1mvg3nuh1c010r5u
    [2011/12/17 06:31:00 | 000,007,884 | -HS- | M] () -- C:\Users\Jeremy\AppData\Local\7c57mo6h56m738
    [2011/12/17 06:31:00 | 000,007,884 | -HS- | M] () -- C:\ProgramData\7c57mo6h56m738
    [2011/12/17 06:24:05 | 000,007,884 | -HS- | C] () -- C:\Users\Jeremy\AppData\Local\7c57mo6h56m738
    [2011/12/17 06:24:05 | 000,007,884 | -HS- | C] () -- C:\ProgramData\7c57mo6h56m738

    :Commands
    [emptytemp]
    [createrestorepoint]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

Link to post
Share on other sites

The log was already open as soon as windows started back up from the reboot. :)

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-1283384886-3572611219-3676154362-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_USERS\S-1-5-21-1283384886-3572611219-3676154362-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.

Registry value HKEY_USERS\S-1-5-21-1283384886-3572611219-3676154362-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.

Registry key HKEY_USERS\S-1-5-21-1283384886-3572611219-3676154362-1000_Classes\.exe\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-1283384886-3572611219-3676154362-1000_Classes\exefile\ not found.

HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!

C:\Users\Jeremy\AppData\Local\mvyfqw4x8ehs1mvg3nuh1c010r5u moved successfully.

C:\ProgramData\mvyfqw4x8ehs1mvg3nuh1c010r5u moved successfully.

C:\Users\Jeremy\AppData\Local\7c57mo6h56m738 moved successfully.

C:\ProgramData\7c57mo6h56m738 moved successfully.

File C:\Users\Jeremy\AppData\Local\7c57mo6h56m738 not found.

File C:\ProgramData\7c57mo6h56m738 not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56466 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Jeremy

->Temp folder emptied: 144451876 bytes

->Temporary Internet Files folder emptied: 3233389303 bytes

->Java cache emptied: 2686538 bytes

->FireFox cache emptied: 86211025 bytes

->Google Chrome cache emptied: 10030227 bytes

->Flash cache emptied: 61744 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 322381539 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,623.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12222011_185708

Files\Folders moved on Reboot...

C:\Windows\temp\fla3F61.tmp moved successfully.

C:\Windows\temp\fla45C3.tmp moved successfully.

C:\Windows\temp\fla5ED.tmp moved successfully.

C:\Windows\temp\flaCF2.tmp moved successfully.

Registry entries deleted on Reboot...

Link to post
Share on other sites

Last one....

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC

Link to post
Share on other sites

I had to run ComboFix twice. The first time the scan process was interrupted with an alert telling me that combofix had found a "difficult rootkit" infection. My computer bluescreened and there was a physical memory dump. After the reboot, I ran combofix again, here is the log:

ComboFix 11-12-22.04 - Jeremy 12/23/2011 1:54.3.2 - x86

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.1496 [GMT -5:00]

Running from: c:\users\Jeremy\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Jeremy\20110106

c:\users\Jeremy\20110106\__MACOSX\20110106\._.DS_Store

c:\users\Jeremy\20110106\20110106\.DS_Store

c:\users\Jeremy\20110106\20110106\IMG_9536.jpg

c:\users\Jeremy\20110106\20110106\IMG_9537.jpg

c:\users\Jeremy\20110106\20110106\IMG_9538.jpg

c:\users\Jeremy\20110106\20110106\IMG_9539.jpg

c:\users\Jeremy\20110106\20110106\IMG_9540.jpg

c:\users\Jeremy\20110106\20110106\IMG_9541.jpg

c:\users\Jeremy\20110106\20110106\IMG_9542.jpg

c:\users\Jeremy\20110106\20110106\IMG_9543.jpg

c:\users\Jeremy\20110106\20110106\IMG_9544.jpg

c:\users\Jeremy\20110106\20110106\IMG_9545.jpg

c:\users\Jeremy\20110106\20110106\IMG_9546.jpg

c:\users\Jeremy\20110106\20110106\IMG_9547.jpg

c:\users\Jeremy\20110106\20110106\IMG_9548.jpg

c:\users\Jeremy\20110106\20110106\IMG_9549.jpg

c:\users\Jeremy\20110106\20110106\IMG_9551.jpg

c:\users\Jeremy\20110106\20110106\IMG_9553.jpg

c:\users\Jeremy\20110106\20110106\IMG_9554.jpg

c:\users\Jeremy\20110106\20110106\IMG_9555.jpg

c:\users\Jeremy\20110106\20110106\IMG_9558.jpg

c:\users\Jeremy\20110106\20110106\IMG_9559.jpg

c:\users\Jeremy\20110106\20110106\IMG_9560.jpg

c:\users\Jeremy\20110106\20110106\IMG_9561.jpg

c:\users\Jeremy\20110106\20110106\IMG_9562.jpg

c:\users\Jeremy\20110106\20110106\IMG_9563.jpg

c:\users\Jeremy\20110106\20110106\IMG_9564.jpg

c:\users\Jeremy\20110106\20110106\IMG_9565.jpg

c:\users\Jeremy\20110106\20110106\IMG_9566.jpg

c:\users\Jeremy\20110106\20110106\IMG_9567.jpg

c:\users\Jeremy\20110106\20110106\IMG_9568.jpg

c:\users\Jeremy\20110106\20110106\IMG_9569.jpg

c:\users\Jeremy\20110106\20110106\IMG_9570.jpg

c:\users\Jeremy\20110106\20110106\IMG_9571.jpg

c:\users\Jeremy\20110106\20110106\IMG_9572.jpg

c:\users\Jeremy\20110106\20110106\IMG_9573.jpg

c:\users\Jeremy\20110106\20110106\IMG_9574.jpg

c:\users\Jeremy\20110106\20110106\IMG_9575.jpg

c:\users\Jeremy\20110106\20110106\IMG_9576.jpg

c:\users\Jeremy\20110106\20110106\IMG_9578.jpg

c:\users\Jeremy\20110106\20110106\IMG_9580.jpg

c:\users\Jeremy\20110106\20110106\IMG_9581.jpg

c:\users\Jeremy\20110106\20110106\IMG_9582.jpg

c:\users\Jeremy\20110106\20110106\IMG_9583.jpg

c:\users\Jeremy\20110106\20110106\IMG_9584.jpg

c:\users\Jeremy\20110106\20110106\IMG_9585.jpg

c:\users\Jeremy\20110106\20110106\IMG_9586.jpg

c:\users\Jeremy\20110106\20110106\IMG_9587.jpg

c:\users\Jeremy\20110106\20110106\IMG_9588.jpg

c:\users\Jeremy\20110106\20110106\IMG_9589.jpg

c:\users\Jeremy\20110106\20110106\IMG_9590.jpg

c:\users\Jeremy\20110106\20110106\IMG_9591.jpg

c:\users\Jeremy\20110106\20110106\IMG_9592.jpg

c:\users\Jeremy\20110106\20110106\IMG_9593.jpg

c:\users\Jeremy\20110106\20110106\IMG_9594.jpg

c:\users\Jeremy\20110106\20110106\IMG_9595.jpg

c:\users\Jeremy\20110106\20110106\IMG_9596.jpg

c:\users\Jeremy\20110106\20110106\IMG_9597.jpg

c:\users\Jeremy\20110106\20110106\IMG_9598.jpg

c:\users\Jeremy\20110106\20110106\IMG_9599.jpg

c:\users\Jeremy\20110106\20110106\IMG_9600.jpg

c:\users\Jeremy\20110106\20110106\IMG_9601.jpg

c:\users\Jeremy\20110106\20110106\IMG_9602.jpg

c:\users\Jeremy\20110106\20110106\IMG_9604.jpg

c:\users\Jeremy\20110106\20110106\IMG_9605.jpg

c:\users\Jeremy\20110106\20110106\IMG_9606.jpg

c:\users\Jeremy\20110106\20110106\IMG_9607.jpg

c:\users\Jeremy\AppData\Roaming\1FBA.696

c:\users\Jeremy\AppData\Roaming\Microsoft\Windows\Templates\mvyfqw4x8ehs1mvg3nuh1c010r5u

c:\users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\wak466kp.default\searchplugins\bing-zugo.xml

.

.

((((((((((((((((((((((((( Files Created from 2011-11-23 to 2011-12-23 )))))))))))))))))))))))))))))))

.

.

2011-12-23 07:03 . 2011-12-23 07:03 -------- d-----w- c:\users\Jeremy\AppData\Local\temp

2011-12-23 07:03 . 2011-12-23 07:03 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-12-23 07:03 . 2011-12-23 07:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-23 06:43 . 2011-12-23 06:43 -------- d-----w- c:\users\Jeremy\NathalieSet

2011-12-22 19:52 . 2011-12-22 19:52 -------- d-----w- c:\program files\Common Files\Adobe

2011-12-16 08:15 . 2011-12-17 11:25 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9ECAD291-FF74-4DB8-92EC-71CDC667F946}\offreg.dll

2011-12-16 07:03 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9ECAD291-FF74-4DB8-92EC-71CDC667F946}\mpengine.dll

2011-12-14 23:40 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-11-26 01:28 . 2011-11-26 01:29 -------- d-----w- c:\program files\Hide My IP

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-24 11:50 . 2011-05-21 16:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2009-04-20 10:59 . 2009-04-20 10:59 7349664 ----a-w- c:\program files\FLV PlayerATBSetup.exe

2000-12-08 14:42 . 2009-06-17 10:58 2154496 ------w- c:\program files\DjVuSolo.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-30 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-12 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-12 8497696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-12 81920]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

c:\users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-5-11 525640]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

R0 plixa;plixa;c:\windows\System32\drivers\tyxuab.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1c9c2201c686ef0;Google Update Service (gupdate1c9c2201c686ef0);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 133104]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 133104]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-22 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-30 21:15]

.

2011-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 01:25]

.

2011-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 01:25]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\wak466kp.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Zwangi: {DFF722C4-4A11-41A7-9939-C83A06B09897} - c:\program files\Mozilla Firefox\extensions\{DFF722C4-4A11-41A7-9939-C83A06B09897}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-23 02:03

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1283384886-3572611219-3676154362-1000_Classes\CLSID\{415cdf1f-c7fe-44b4-96b3-875ff42ddef7}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:000000c6

"Therad"=dword:0000001f

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,2b,ef,01,fa,1a,0c,dd,d1,37,4b,a3,49,b6,c2,fe,2e,97,c1,a4,7e,57,02,\

.

[HKEY_USERS\S-1-5-21-1283384886-3572611219-3676154362-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):99,35,37,2e,82,79,4b,42,77,09,2f,3d,4a,c4,a0,05,8d,ef,ce,53,75,

5b,6e,a3,e5,ad,7d,f7,d2,b5,c1,ec,23,bf,61,72,03,b7,d2,69,00,00,00,00,00,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Completion time: 2011-12-23 02:07:00

ComboFix-quarantined-files.txt 2011-12-23 07:06

ComboFix2.txt 2011-05-06 02:20

ComboFix3.txt 2010-11-20 18:49

.

Pre-Run: 4,150,976,512 bytes free

Post-Run: 4,010,426,368 bytes free

.

- - End Of File - - B44E012F7CC2CC2D156ADDCC27576B06

Link to post
Share on other sites

Thanks for your help! It looks like everything is working fine, and nothing was detected by malwarebytes.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 911122307

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19170

12/23/2011 9:57:16 AM

mbam-log-2011-12-23 (09-57-16).txt

Scan type: Quick scan

Objects scanned: 154439

Time elapsed: 4 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Great :)

Please update your Java, older versions are vulnerable to malware:

BrowserJavaVersion: 1.6.0_26 <------should be 30

Go to your control panel > Java > update

http://www.java.com/en/download/installed.jsp <---verify your Java

------------------------------------

Please uninstall ComboFix:

Click on the Start button and then in the Search field enter combofix /uninstall

Please note that there is a space between combofix and /uninstall.

Once you have typed this in, press Enter on your Keyboard.

A Open File security warning will appear asking if you are sure you want to run ComboFix. Please click on the Run button to start the program.

ComboFix will now uninstall itself from your computer and remove any backups and quarantined files.

When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled.

You can now delete the ComboFix.exe program from your computer.

ComboFix has now been uninstalled from your Windows Vista or Windows 7 computer.

------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Have a Good Holiday and New Year!

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.